Article posted: Dec 04, 2015
By Joakim Thorén, CEO
Information is Beautiful identified the biggest data security breaches since AOL's massive security blunder which compromised 92 million records in 2005. Interestingly, it seems there were at least a dozen breaches each year where hundreds of millions of records were compromised in retail, financial services, government, medical organizations and other industries. As in the AOL case, some of the most severe security leaks were attributed to lost or stolen equipment or insider threats.
When data security was compromised, the perpetrators collected valuable data such as patient health records, names, addresses, social security numbers and driver's license IDs. For example, a laptop stolen from the Advocate Medical Group resulted in the theft of more than 4 million patient records. The Advocate Medical Group breach was the second-largest security breach ever reported to the Department of Health and Human Services. What's scary is that this breach happened in 2014.
With major data security breaches reported each month, it seems like people will just have to get used to having their data compromised, right? Not necessarily. Many of these breaches could have been prevented by deploying simple two-factor ID within the respective organizations. In the case of Advocate Medical Group, if two-factor ID had been mandated throughout the organization, the stolen laptop would have been rendered useless, as the thief would have had to obtain both the physical card and the login information to access the company-stored patient data.
Two-factor ID in the form of smart cards and tokens has been around for more than 20 years, and is now being widely adopted by financial institutions and others. Retailers, like Target, now have special card readers to accommodate these chips. Yet many companies are reluctant to deploy smart card systems to protect their most important asset: private data.
Companies victimized by insider threats or stolen equipment can only blame themselves for these costly breaches. In addition to enraging their consumer bases, many of the largest security breaches come with a steep cost. Whether it's job loss, as in the case of Target's CEO, or a class action suit from eBay's users, that cost far outweighs the cost of deploying effective two-factor identification and access management throughout an organization.