With a few lines of code, cyber criminals and governments have been able to infiltrate the security of banks and retailers and steal hundreds of millions in customer records. Shutterstock

JPMorgan Chase early last month disclosed that cyber thieves pilfered account data on 76 million households and seven million small businesses over the summer, one of the biggest breaches ever and only the latest of the many that have made headlines in recent years. Such thefts are beginning to seem as inevitable as death and taxes.

Even worse, while some breaches are widely reported in newspapers, many more occur at small firms and receive hardly any attention at all. Since 2005, there have been more than 4,400 data breaches that have exposed close to a billion records in all, according to Privacy Rights Clearinghouse, a California non-profit that advocates for consumer privacy.

The repeated breaches lead us to ask the obvious questions: why are we seeing so many? Why are firms not protecting our data more aggressively? And what can we do about it?

As more and more data migrates into the digital realm and firms increasingly link with one another and with their consumers on faster and ubiquitous broadband networks, it is inevitable that at least some of this information will leak, whether through carelessness or malintent. But we should be able to expect that firms are investing sufficiently in their network security to keep our data as safe as possible.

Some of this is definitely happening, and firms are increasingly paying more attention. A week after JPMorgan’s disclosure, for example, the bank said it would likely double its US$250 million cybersecurity budget.

It’s important to note that data breaches do not directly hurt the firm; they most directly harm the consumer, whose personal information could then be used for fraud and identity theft. This is what economists call an “externality,” making it less likely that the company will voluntarily fix the problem since it doesn’t bear the cost. Another example of an externality is pollution, which affects not the owner of the facility but citizens living downstream from the carbon-spewing plant.

JPMorgan's Jamie Dimon vowed to double his bank’s cybersecurity budget following the disclosure that 76 million household records were stolen. Steve Jurvetson/Flickr via CC BY

Shining light on lapses

To deal with externalities, governments generally impose taxes and fines to recoup the resulting costs to society or penalize the behavior. In the case of data breaches, policymakers have generally used transparency as a way to ensure companies suffer some of the costs of information theft.

Among the most popular tools are data breach notification laws, fashioned after one California passed in 2003. Currently 47 states have passed similar laws that require firms to send notices of any breaches to consumers alerting them to take certain preventive steps. The notifications are also intended to put the firm in an embarrassing position by forcing it to disclose its poor security practices, thereby creating incentives to invest in better protecting its data.

The Securities and Exchange Commission is considering a similar effort to provide guidelines on how and when companies should disclose these risks and actual cyber attacks in their regulatory filings. These types of rules, coupled with the intense media attention following a data breach or security lapse at a firm, are meant to shine light on poor practices in hopes that the market and competition goad companies into taking adequate security precautions.

Holding companies liable

But, looking at the frequency of data breaches, these efforts do not seem to be adequate in stopping or even slowing down the pace of data breaches. So what else can we do? One possibility would be to amend tort laws so that firms that suffer a breach are held directly liable for any harm to consumers and forced to compensate them for any losses. California recently proposed an amendment to its data breach notification law that would also make retailers liable for customer financial losses. It is not clear if the bill will pass though.

A more far-reaching approach would be to pass a uniform, national notification law, an idea that is being widely discussed. Currently we have a hodgepodge collection of regulations from one state to the next that seem to be satisfying no one. A federal law focused on strong transparency and penalties for negligence might provide the right kind of incentives for firms to protect customer data without the government dictating the terms.

The weakest links

But even if security at the large banks and retailers became impenetrable, thieves could still find a way to steal data via third-party vendors, which do not face the same level of public scrutiny and do not have budgets to hire cyber security people of their own. Thus they are not as secure as the banks and major retailers.

The data breach that hit Target, for example, happened because of a third-party vendor. It is likely that many of these companies will have to get some sort of certification or provide contractual warranties to prove their systems cannot be easily exploited.

Criminals looking to make a quick buck from our data, of course, are not the only ones behind all the breaches. Many fingers have pointed to nation states and it is not clear whether private firms could ever invest enough in cybersecurity to thwart such attacks. It would be prohibitively costly to do so.

Companies likely need the help of their own governments, but private firms naturally find it difficult to share sensitive information, whether with an agency or in an SEC filing. They have more incentives to cover up data breaches.

There have been attempts to establish public policy that encourages companies to share information on intrusions and data thefts. Some of the newer proposals in the Senate and House outline ways to make it attractive for private firms to share sensitive security breach data with government agencies, even providing liability protection. The question is whether such a bill can pass or how effective it would be in spurring useful data sharing.

It will be costly if we hope to reduce the frequency of cyber attacks and prevent the loss of our names, addresses, telephone numbers, credit card details and other private data. And those costs will likely be passed on to consumers through higher prices. At the end of the day, if we want more security (just like a safer car), then consumers have to demand it and be willing to pay for it. The hope is that in the long run, security becomes a default rather than an option.

This article is part of a series on cybersecurity. More articles will be published in the coming weeks.

Rahul Telang does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations.

Read more http://theconversation.com/jpmorgan-hack-signals-banks-and-retailers-can-do-more-to-keep-our-data-safe-32659