Internet Society report finds not enough being done to protect data, even on IoT devices

The Internet Society has released Wednesday findings from its 2016 Global Internet Report in which 59 percent of users admit they would likely not do business with a company which had suffered a data breach. Highlighting the extent of the data breach problem, the report makes key recommendations for building user trust in the online environment, stating that more needs to be done to protect online personal information.

The report also draws parallels with threats posed by the Internet of Things (IoT). Forecast to grow to tens of billions of devices by 2020, interconnected components and sensors that can track locations, health and other daily habits are opening gateways into user’s personal lives, leaving data exposed.

“We are at a turning point in the level of trust users are placing in the Internet,” said Internet Society’s Olaf Kolkman, chief internet technology officer. “With more of the devices in our pockets now having Internet connectivity, the opportunities for us to lose personal data is extremely high. Direct attacks on websites such as Ashley Madison and the recent IoT-based attack on Internet performance management company Dyn that rendered some of the world’s most famous websites including Reddit, Twitter and The New York Times temporarily inaccessible, are incredibly damaging both in terms of profits and reputation, but also to the levels of trust users have in the Internet.”

“Up-to-date security systems, usable security, and awareness on how to deal with threats and social engineering are needed for reducing the opportunities for data breaches and device compromise. The report shows that as much as 93 percent of all breaches could have been avoided if the correct measures were put in place. In a day and age where having a positive online presence really is a case of sink or swim for businesses, gambling with online security isn’t an option. This is why we are urging people to take action and follow our five recommendations to protect themselves both now and in the future,” added Kolkman.

The average cost of a data breach is now $4 million, up 29 percent since 2013. With a reported 1,673 breaches and 707 million exposed records occurring in 20153, the Internet Society is urging organizations to change their stance and follow five recommendations to reduce the number and impact of data breaches globally.

It puts users, who are the ultimate victims of data breaches, at the center of solutions. When assessing the costs of data breaches, include the costs to both users and organizations; while increasing transparency about the risk, incidence and impact of data breaches globally. By sharing information responsibly, organizations improve data security, help policymakers improve policies and regulators pursue attackers, and help the data security industry create better solutions.

It also makes data security a priority, so that enterprises should be held to best practice standards when it comes to data security; while increasing accountability to hold organizations accountable for their breaches. Rules regarding liability and remediation must be established up front.

It also increases incentives to invest in security by creating a market for trusted, independent assessment of data security measures so that enterprises can credibly signal their level of data security. Security signals help organizations indicate that they are less vulnerable than competitors.

“One of the key questions raised by this report is why are organisations doing so little to protect their customers’ data?” said Michael Kende, Economist and Internet Society Fellow who authored the report. “Everyone knows that data security is a major issue for both consumers and businesses, yet companies are not doing everything they could to prevent breaches.”

“According to the Online Trust Alliance, 93 percent of breaches are preventable. And steps to mitigate the cost of breaches that do occur are not taken – attackers cannot steal data that is not stored, and cannot use data that is encrypted,” added Kende. “This status-quo isn’t good enough anymore. As more and more of our lives migrate online, the cost and risk of a data breach is greatly increased, and will lead to lost revenues and a lack of trust.”

IoT Innovator Newsletter

Get the latest updates and industry news in your inbox! Enter your email address and name below to be the first to know.