Over-collection of data actually placing consumers at greater risk

Cyber-attacks target the sheer amount of data that financial institutions keep to themselves

The larger and more frequent cyber-attacks on Canadian institutions may stem from the unchecked gathering of personal data, according to Datarisk Canada security expert Claudiu Popa.

“There’s definitely a rise in personal data theft, there’s a rise in data breaches,” Popa told The Canadian Press.

At present, any given organization anywhere in the world has a 30% chance of suffering a data breach within two years, an IBM study found. This was a noticeably larger figure than the 23% reading in 2014.

The latest, and arguably among the worst, of these was the attack on Capital One’s cyber infrastructure this week. The breach placed at grave risk the sensitive personal and financial data of as many as six million Canadians and a hundred million U.S. citizens.

Approximately a million Canadian social insurance numbers – along with around 140,000 U.S. Social Security numbers and roughly 80,000 linked bank account numbers – were left vulnerable by the attack.

Popa stated that the sheer volume of the data involved should raise crucial questions: Why do these institutions keep devising new justifications for keeping and using the information? How soon will they dispose of the data that so often ends up attracting cyber-miscreants?

“It’s almost harder for us to anticipate what legitimate businesses are going to think up doing with the information that, for the most part, they over-collect, rather than for us to keep ahead of criminals.”

Earlier this year, Carbon Black warned that cyber threats pressing upon Canada will likely intensify as 2019 rolls onward.

“Organizations in Canada are under intense pressure from escalating cyber-attacks,” Carbon Black chief cyber-security officer Tom Kellermann said. “The research indicates increases across the board in attack volume and sophistication, causing frequent breaches.”

Carbon Black stressed phishing as a particularly insidious method. Approximately one in five successful breaches was found to have stemmed from human error.