Welcome back to the Identity Theft Resource Center’s Weekly Breach Breakdown – supported by Sentilink. This is the episode for March 29th, 2024. I’m James Lee, the ITRC’s COO, and each week on this podcast, we look at the most recent events and trends related to data security and privacy.

When it comes to cybersecurity these days, there’s one simple question vexing many people – especially CFOs – and that is this: If we’re spending more on cybersecurity than ever, why isn’t the number of cyber breaches going down?


Show Transcript

Welcome to the Identity Theft Resource Center's (ITRC) Weekly Breach Breakdown for March 29, 2024. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we discuss the rise in data breaches and cybersecurity spending. 

Back in 1980, the iconic singer, songwriter and piano player Billy Joel released his Glass Houses album that included the song Don't Ask Me Why. James's music appreciation teacher from back in the day may disagree, but he interprets the song as being about why we should avoid asking obvious questions in life and concentrate on the things that we can change. 

"Don't wait for answers
Just take your chances
Don't ask me why."

When it comes to cybersecurity these days, one simple question vexes many people – especially CFOs: If there's more cybersecurity spending than ever, why isn't the number of cyber breaches going down? 

A Little Context

Stuart Madnick of MIT is one of those people asking the question. In fact, he wrote a column for The Wall Street Journal where, after citing the ITRC's most recent data breach report, he laid out why he believes we have not seen data compromises drop.

A little context before we dig in deeper: Cybersecurity spending is expected to grow to more than $215 billion by the end of 2024, according to Gartner. This is the same Gartner that says AI-driven malinformation could drive annual cyber spending to $500 billion in the next three years.

Why the Rise in Data Breaches with More Cybersecurity Spending?

Against that backdrop, why haven't the billions of dollars spent per year made a dent in cyberattacks and data breaches? Professor Madnick offers three reasons: 

  1. Evolving ransomware attacks
  2. Cloud environment misconfiguration
  3. Exploitation of vendor systems

The Uptick in Supply Chain Attacks

You probably already know that the ITRC has published data that aligns with the ebbs and flows of ransomware and the 2,600 percent rise in organizations falling victim to supply chain attacks since 2019. Look at what is going on right now with the disruption caused by the largest-ever cyberattack against the U.S. healthcare system, thanks to a ransomware attack at Change Healthcare, part of the supply chain for thousands of medical providers and facilities.

We don't see the issues with cloud misconfiguration that the folks at MIT see. However, much of the data that is being compromised these days is housed in cloud environments. We certainly agree that cloud data is vulnerable and will continue to be.

What Will Stop the Rise in Breaches If Not Cybersecurity Spending?

While MIT answered the literal question – if cybersecurity spending is reaching new heights, why are data breaches continuing to rise – there is an unspoken follow-up query: If throwing money at the problem won't stop the rise in data compromises, what will?

There is no silver bullet. However, we need to continue basic blocking and tackling and innovate in ways that make personal information less valuable and usable. Most cyberattacks fail, so some of what we are doing works.

Making information hard to steal is only part of the solution. We also need to make it hard to use. To slow or, better yet, reverse the rise in data breaches and identity crimes, we need to adopt new ways of verifying identities that don't rely primarily on static personal information. That will go a long way toward ensuring we get the most bang for our cybersecurity bucks.

Contact the ITRC

If you want to know more about how to protect your business or personal information or think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Be sure to check out our sister podcast, the Fraudian Slip, where, as part of National Consumer Protection Week, we sit down with the Federal Trade Commission to discuss fraud risks consumers and businesses face. Next week, in April's edition of the Fraudian Slip, we will speak with the Internal Revenue Service about tax scams and identity fraud. We will return in two weeks with another episode of the Weekly Breach Breakdown.