If you are like me, you probably didn’t celebrate the recent 11th Data Privacy Day. That’s because this might be the first time you have heard about it. Data Privacy Day is intended to be a reminder that all of us must stay attuned to online privacy and protection. But in the age of multimillion-dollar lawsuits related to data misuse and data breaches that pepper the news almost on a weekly basis, one could argue that every day should be a data privacy day.
The number of reported breaches from May 2018 until January 2019 is over 41,000, while 2018 was one of the worst years on record in terms of data breaches, with more than 1 billion people having their data compromised in 2018 alone. The costs of all this are in the billions of dollars, and according to the IBM Security 2018 Cost of a Data Breach Study, the United States is the most vulnerable nation to data breaches. According to the study, the average incident in the United States comes with a price tag of $7.91 million, while the average per capita cost is $233, the highest in the world.
Data breaches are subjecting billions of consumers to the threat of identity theft and loss of privacy, and while consumers are now starting to demand that their privacy be protected, it is Congress that must also work on national privacy legislation to set clear rules that safeguard consumers and give companies room to evolve and innovate on a level playing field.
The American Consumer Institute (ACI) recently published two studies highlighting the cybersecurity risks that consumers are facing. One of the reports, titled “How Safe Are Popular Apps,” shows that many popular apps are not as secure as they should be. The majority of apps currently rely on open source code that allows application developers to share programming components, but it also makes it easier for hackers to find opportunities to steal or corrupt data by mining for known vulnerabilities.
ACI analyzed 330 of the most popular Android apps in the United States and found “an average of six vulnerabilities per app over the entire sample.” That is astounding, considering many of these apps are used every day, everywhere around the world, for everything from finance to personal health or games. These findings highlight the need to continually improve products and cybersecurity practices to protect customers from breaches.
ACI went back to check how the most popular apps are doing, and using the same methodology, we tested whether the apps have been updated and patched for known vulnerabilities. What we found is concerning. Of the 13 most popular social media and networking apps, 10 were found to have security vulnerabilities, with an average of 127 vulnerabilities per identified app!
From the sample, 68 percent of the vulnerabilities were considered “high risk” or “critical.” As you might expect, exploitation of “high risk” vulnerabilities could result in significant data loss or downtime; “critical” vulnerabilities go even further, potentially resulting in root-level compromise of the system and total data disclosure.
But not all data is created equal. The costs associated with breaches of highly sensitive data, such as Social Security numbers, passwords and credit card numbers, are much higher than, say, demographic data. So, we also tested the most popular online shopping apps. Only eight of the 13 apps passed the scrutiny.
The total number of known vulnerabilities found is staggering: 1,167, of which 62 percent were considered “high risk” or “critical.” These findings further stress the urgency and need for app providers to develop and adopt best practices now to reduce these risks.
The forecasts for 2019 are grim. The United States may experience its first large-scale attack on critical infrastructure in 2019, according to Experian’s 2019 Data Breach Industry Forecast. That includes electric power utilities and nuclear plants, and it could result in potentially crippling economic consequences.
Despite major security advancements, there is no sign of a slowdown in the number of data breaches or the number of consumers affected every year. While consumers are demanding that their privacy be protected, the hodgepodge of outdated federal and emerging regulations only increases confusion among consumers and companies about their rights and responsibilities.
Data Privacy Day reminds consumers once a year of the need to protect online data and privacy, but it is the role of Congress to legislate workable policy solutions. Congress should acknowledge that protecting the online privacy of American consumers is a non-partisan issue, and it should be one of its priorities in 2019. A national privacy framework would be the optimal solution to prevent a growing patchwork of competing and contradictory laws that harms the economy, stifles innovation, and fails to improve privacy outcomes for consumers.