Why Certain Industries Are Data Breach Targets

Why Certain Industries Are Data Breach Targets

Some industries are more negatively impacted by data breaches. For example, retail, media, and financial sectors experience a greater loss of customers, while education and health care sustain a higher cost per exposed record, according to a panel of security experts at the Privacy XChange Forum.

The panel, moderated by Deena Coffman, CEO of CyberScout Solutions, brought together Dr. Deborah C. Peel, founder and chairwoman of Patient Privacy Rights, Arthur Tisi, CIO of Natural Markets Food Group, Ali Waezzadah, vice president of information security at CBS, and Michael Young, vice president and product team manager at EverBank, to discuss "Bull's-Eye: Why High-Risk Industries Are Data Breach Targets."

The panelists identified the biggest security challenges they face in their respective industries:

  • Young of EverBank said the biggest threats are probably the same for all industries. In the financial sector, account takeover, when criminals steal your user ID and password to siphon money from your account, is the #1 threat. The second threat is identity theft, which occurs when criminals steal your personal information to open up accounts in your name. A third threats occurs when thieves use stolen card credentials to conduct fraudulent transactions. And the fourth big threat is when hackers attack financial institutions directly.

    While there is no silver bullet for protecting clients and the bank against fraudsters, one deterrent is encoring consumers to employ  two-factor authentication in their accounts. Two-factor authentication is a security process that requires the user to provide two means of identification to access an account or service.

    "In our experience the most effective way to deal with security and privacy challenges is to implement and utilize a layered approach," Young said. "But be very careful in your approach so that you don’t cross the line between enhanced security and being hard to use."
  • Waezzadah of CBS emphasized the importance of following security fundamentals and best practices. In many security events, "when you peel down and look at a breach, it’s always the basics that failed. When we look at the anatomy of an attack, 9 out of 10 times we found that it was the basics that failed," he said. From a security perspective, Waezzadah said it's important to visit the fundamentals. From a privacy perspective, he encouraged  privacy and information security teams to work together.
  • Tisi of Natural Market Foods Group recommended three key moves for companies to respond more effectively after a breach. First, it's critical to coordinate departments within organization, such as communications and security. Second, people have become immune to worrying about breaches in their privacy life and in corporate settings as well, so companies must fight against that. Finally, it's important not just for retailers but all companies to put a plan in place to respond swiftly to a breach. Proactively, he said retailers would benefit from conducting vulnerability assessments and going further than payment card industry standards require. Finally, he encouraged companies to develop a relationship with their insurance carrier. "If a data breach is a third certainty, you have to be prepared for the worst."

  • Peel of Patient Privacy Rights spoke passionately about the lack of privacy rights for future generations. "Our children and grandchildren will never ever have the opportunities or freedoms we have," she said. She said that while consumers are conditioned to think that the Health Insurance Portability and Accountability Act (HIPAA) protects their private information, the fact is that most hospitals have a large number of contracts with software companies that handle or touch patient data. And each of those contracts may give the companies license to use and disclose patient information or sell it. "Tell everyone you know, the worst thing possible has happened," Peel said. "The information about our minds and bodies is for sale and it’s in millions of databases. We have to tell industry and government to stop and fix this mess."