Since the first National Cybersecurity Awareness Month 15 years ago, the world has gone from about 800 million internet users to approximately 4.5 billion users. Over that same period of time, a lot of time and energy has been devoted to improving cybersecurity and cyber hygiene.
Sadly, despite those good-faith efforts, it does not appear that consumers have become safer. In fact, it is clear by now that most individuals have, in one way or another, been affected by some sort of hack or data breach – either on a personal computer or through a company that they have entrusted with their sensitive information.
And it is likely only going to get worse.
In the last 15 years, as computers have become more ubiquitous, our data has become less centralized. Whether that is through the use of mobile devices or the cloud, our personal information is now on the move, out of our hands and potentially in the hands of others with less than pure motives.
Take the recent breach at Capital One, for example. This type of event, which exposed the personal information of more than 100 million people, occurred because a hacker was able to access data housed on a cloud storage provider. As in previous breaches at companies like Target, Home Depot, Ashley Madison, Facebook, Marriot, and Equifax, consumers, through no fault of their own have seen their risk of identity theft grow substantially.
Unfortunately, the situation seems to get worse before it gets better. Indeed, over the last 18 months, a dangerous series of exploits that take advantage of hardware flaws in computer processors were revealed. These flaws represent a relatively new type of threat to consumers, affecting both the security and performance of nearly every computer on the planet.
Exploits that take advantage of these flaws – with scary names like “Spectre,” “Meltdown” and “Zombieload” – affect millions of computers and servers globally, particularly those that rely on Intel processors. This represents an ongoing and evolving threat to consumers because new versions continue to be found. The exploits, in short, can allow a hacker to obtain unauthorized access to privileged information. And while patches have been released alongside each exploit, they have led to a decrease in computer speed and performance – as much as 40 percent according to some reports. In addition, the patch is only good until the next exploit is discovered.
The flaws create a real challenge for consumers: apply each temporary “fix” as new exploits are discovered and risk slowing down your device, or don’t and put your sensitive information at risk. Consumers who apply patches remain at the mercy of companies that hold their sensitive data and are faced with a similar dilemma, particularly as they must consider the expenses of implementing these fixes – including costs to add computing power lost by each patch.
We cannot lose sight of the need to better secure our information and systems moving forward. Awareness and smart data hygiene by consumers is one part. Companies must do their part to secure our information as well.
There is also a role for lawmakers to play. Data security bills like the Consumer Privacy Protection Act of 2017 would require companies to take preventive steps to defend against cyberattacks and data breaches, and to quickly provide consumers with notice and appropriate protection when a data breach occurs. Consumers have a right to data security and data privacy, and Congress should take action accordingly to protect them.
John Breyault is Vice President of Public Policy, Telecommunications and Fraud at the National Consumers League and heads the group’s #DataInsecurity Project, Fraud.org and Alliance Against Fraud campaigns.