For most Americans, going online to do banking, download music or book a trip is an everyday occurrence. Unfortunately, it appears the same might be said of cyber intrusions by hackers.
Recent weeks have brought reports of malicious breaches of data systems at retailers such as Sears Holding Corp.’s Kmart stores and Home Depot Inc., which disclosed in September that as many as 56 million payment cards may have been affected over a six-month period. During the holiday season last year, an attack by hackers at Target Corp. compromised some 40 million credit- and debit-card accounts.
Even more unnerving is the breach at JPMorgan Chase, which spanned accounts of more than 76 million households and 7 million small businesses. The New York Times reported that the same hackers apparently infiltrated at least nine other financial institutions.
Perhaps equally stunning is the fact that apparently no money was taken from any account, nor has fraudulent use of stolen data been detected. So, both the identity of the perpetrators and their motive remain a mystery.
The nature and scope of these cyber intrusions underscore the need for legislative action on two fronts. First, Congress needs to pass legislation that allows more information sharing while ensuring strong privacy safeguards are in place. Many companies today are reluctant to collaborate with one another or with government agencies for fear of potential liability.
Second, lawmakers must do more to require companies to inform their customers when a breach has occurred. So-called breach notifications laws at the state level typically do not mandate disclosure if no financial loss has resulted from the intrusion or personal information has not been compromised. When notification occurs, it can be after considerable delay. Customers of breached companies have a right to know they are potentially at risk.
Finally, as Treasury Secretary Jacob Lew has noted, companies bear the primary responsibility to protect themselves from cyber threats and must “do a better job of sharing information inside their organizations. … Cyber security cannot be the concern of only the information technology and security departments.”
With our economic and national security at stake, we need to get out in front of this constantly evolving threat.
11/7/14 (c) 2014 Rochester Business Journal. To obtain permission to reprint this article, call 585-546-8303 or email firstname.lastname@example.org.