Data Breach Research Paper
Cost of Data Breaches
When data breaches occur, it can be extremely costly towards a company. They may be required to pay fees directly to consumers, or pay for technology that increases their security so a hack does not occur again. Either way, corporations should understand the cost that a hack of consumers’ information could cost them. Ponemon Institute researched this and found, “data breaches cost companies an average of $221 per compromised record – of which $145 pertains to indirect costs, which include abnormal turnover or churn of customers and $76 represents the direct costs incurred to resolve the data breach, such as investments in technologies or legal fees” (2016 Cost of). Corporations should invest more into security systems …show more content…
to be preventative about attacks. They also should invest more into employee training as well, because the Ponemon Institute also noted, “23 percent of incidents were caused by negligent employees, and 27 percent involved system glitches that included both IT and business process failures” (2016 Cost of). This data demonstrates that companies have the capabilities to stop almost half of all cyber-attacks just by training employees better and investing more in their technologies that would prevent system glitches. Ponemon Institute also noted this in their report stating, “Incident response plans and teams in place, extensive use of encryption, employee training, BCM involvement or extensive use of DLP reduced the cost of data breach” (2016 Cost of). Data breaches are extremely costly to companies, and they should continue to invest more funds into improving their technology to protect consumers, as well as the company's pocket books. However, companies have been slow to adopt this approach of increasing training to employees and increasing the amount of money devoted to improving security technology. As data cost increase, more companies should follow suit and move to this more sustainable model.
Web Trackers
For a majority of internet companies, tracking a user's internet history is a lucrative business as it reveals habits that a consumer has.
These types of trackers are known as web trackers, and are utilized on almost every website on the web. Web tracking is important to look at because Americans do express concern over internet cookies and web tracking. A poll of 1017 Americans done by Craig Newmark, Rad Campaign and Lincoln Park Strategies found, “72% are concerned about ‘Tracking Cookies’ placed on computers without consent” (Newmark). Web tracking is a process that involves a consumer as well as a website and other third parties. A consumer visits a website and then a web cookie from that site is downloaded onto the computer of the user. Third party advertisers also download a cookie that stores information about a machine. These cookies provide a unique identifier to the computer and the user. Then, if the consumer visits other websites with the same third party, or web owner, they will also know that this consumer visited another one of their pages. Tracking cookies have become extremely prominent on web pages. Keynote Systems did a report in 2012 and found “ 86% of the sites place one or more third-party tracking cookies on their visitors” (Messmer). As discussed earlier, this compromises a person's privacy information because the third-party trackers can discover which other sites a person may have been on, and considering most sites have them, a third-party cookie could nearly know every website that a person
visits.
Tracking cookies are exceedingly different from regular cookies. Walter Mossberg from the Wall Street Journal further defines what a normal cookie is; “Cookies are small text files that Web-site operators -- and third- party companies that insert ads into Web sites -- place on a user's computer. Several types of cookies are harmless or even helpful. For instance, a cookie might help a website remember your preferences for what news topics you chose to see” (Mossberg). A tracking cookie on the other hand, provides a miniscule amount of useful information to the consumer. The tracking cookie does not improve the website at all, except for possibly making advertising more targeted to the consumer. Because they do not provide much to the consumer, a majority of Americans believe that tracking cookies are a privacy violation, especially because most consumers are unaware when they are downloaded onto their computer.
There are two distinct types of cookies that are commonly used on the internet. One type is the HTTP cookie, which can store 4kb worth of data in a text document. This can include IP information as well as other useful identifiable information. More sophisticated cookies may include other information and log keystrokes on a given site and send that information back to a third-party. The HTTP cookie can also be set to expire and delete itself at the end of a browsing session, or it can stay on a hard drive forever; however, the HTTP cookies can easily be deleted. It has been shown that consumers “over 30% of users do delete first-party HTTP cookies once a month” (Fomenkova). This prompted a response from the tracking industry to create better web trackers which used flash. Flash cookies are much larger than HTTP cookies as they can hold 100kb of data. “use of Flash cookies is typically not disclosed in the website's privacy policy. Out of the top 100 sites only four mentioned this method of tracking” (Fomenkova).
The concerns of third-party tracking prompted response from major tech companies to start “Do Not Track” feature on web browser to prevent third-party tracking. This was further incentivized by the Web Consortium in 2012 when they worked with internet browsing companies to develop a standard way to handle “Do Not Track” requests. The Wired noted, “While the new DNT header is already part of Firefox, Internet Explorer and Safari, and a wide range of sites now respect it, it has lacked one key ingredient — standardization. The new Tracking Protection Working Group is the first step on the road to standardization and will hopefully mean Opera and Chrome will both soon adopt the DNT header” (Gilbertson). The standards were successfully implemented, and now nearly all major browsers offer a “Do Not Track” feature in the settings of the browser.
Unfortunately, the “Do Not Track” requests do not need to be honored by the website that the request is being sent to. This issue what brought to the FCC in 2015, where the FCC stated that “we dismiss Consumer Watchdog’s request that the Commission initiate a rulemaking proceeding requiring ‘edge providers’ (like Google, Facebook, YouTube, Pandora, Netflix, and LinkedIn) to honor ‘Do Not Track’ Requests from consumers.” The Commission has been unequivocal in declaring that it has no intent to regulate edge providers” (“Bureau Dismisses Petition”). This FCC ruling significantly hinders the ability for a person to hide personal tracking information because companies can refuse to act upon those requests. “Do Not Track” would have been a successful measure consumers could take to protect their privacy, if it was required to be honored. As it stands, most companies do not honor “Do Not Track” requests so turning the feature on will not significantly reduce one’s tracking.
Tracking is Preventable
Web tracking may be a lucrative business, but the consumer does have ways to prevent companies from keeping track of their search history. Even though methods such as “Do Not Track” have not worked, there are a plethora that have. Consumers have historically been interested in protecting their privacy online and preventing companies from tracking them. Pew Research conducted a survey in 2013 which found, “86% of internet users have taken steps online to remove or mask their digital footprints—ranging from clearing cookies to encrypting their email, from avoiding using their name to using virtual networks that mask their internet protocol (IP) address” (Rainie). Clearly, consumers are particularly concerned with their privacy online. Luckily, there are several tools that can reduce tracking. Two common apps to prevent website tracking via cookies are Ghostery and Privacy Badger. The two apps are add-ons that can be installed into web browsers such as Chrome and Firefox. Ghostery works by blocking advertisers and other third party apps from tracking a website. “The embedded tracking snippets do not get blocked before the user approves, which allows for manual inspection and ensures compatibility. Consequently, the user can balance the trade-off between anonymity, functionality, and usability” (Herman). Privacy Badger works similarly, but has a few distinct differences. “The user gets visual feedback via green, yellow, or red slides. Furthermore, Privacy Badger maintains a so-called cookie-blocking yellow list to identify and allow tracking activities, which are important for certain functionalities, while altering of third-party cookies and referrers is still enforced” (Herman). Privacy Badger has more functionality than the more popular Ghostery. Privacy Badger has a UI that displays a red, yellow, or green color next to a tracking website to show how much data that company is collecting and if it is functional or not. This would allow the user to specify which cookies are blocked, so that the normal function of the webpage would not be hindered.
Remaining Anonymous Online
When data breaches occur, it can be extremely costly towards a company. They may be required to pay fees directly to consumers, or pay for technology that increases their security so a hack does not occur again. Either way, corporations should understand the cost that a hack of consumers’ information could cost them. Ponemon Institute researched this and found, “data breaches cost companies an average of $221 per compromised record – of which $145 pertains to indirect costs, which include abnormal turnover or churn of customers and $76 represents the direct costs incurred to resolve the data breach, such as investments in technologies or legal fees” (2016 Cost of). Corporations should invest more into security systems …show more content…
to be preventative about attacks. They also should invest more into employee training as well, because the Ponemon Institute also noted, “23 percent of incidents were caused by negligent employees, and 27 percent involved system glitches that included both IT and business process failures” (2016 Cost of). This data demonstrates that companies have the capabilities to stop almost half of all cyber-attacks just by training employees better and investing more in their technologies that would prevent system glitches. Ponemon Institute also noted this in their report stating, “Incident response plans and teams in place, extensive use of encryption, employee training, BCM involvement or extensive use of DLP reduced the cost of data breach” (2016 Cost of). Data breaches are extremely costly to companies, and they should continue to invest more funds into improving their technology to protect consumers, as well as the company's pocket books. However, companies have been slow to adopt this approach of increasing training to employees and increasing the amount of money devoted to improving security technology. As data cost increase, more companies should follow suit and move to this more sustainable model.
Web Trackers
For a majority of internet companies, tracking a user's internet history is a lucrative business as it reveals habits that a consumer has.
These types of trackers are known as web trackers, and are utilized on almost every website on the web. Web tracking is important to look at because Americans do express concern over internet cookies and web tracking. A poll of 1017 Americans done by Craig Newmark, Rad Campaign and Lincoln Park Strategies found, “72% are concerned about ‘Tracking Cookies’ placed on computers without consent” (Newmark). Web tracking is a process that involves a consumer as well as a website and other third parties. A consumer visits a website and then a web cookie from that site is downloaded onto the computer of the user. Third party advertisers also download a cookie that stores information about a machine. These cookies provide a unique identifier to the computer and the user. Then, if the consumer visits other websites with the same third party, or web owner, they will also know that this consumer visited another one of their pages. Tracking cookies have become extremely prominent on web pages. Keynote Systems did a report in 2012 and found “ 86% of the sites place one or more third-party tracking cookies on their visitors” (Messmer). As discussed earlier, this compromises a person's privacy information because the third-party trackers can discover which other sites a person may have been on, and considering most sites have them, a third-party cookie could nearly know every website that a person
visits.
Tracking cookies are exceedingly different from regular cookies. Walter Mossberg from the Wall Street Journal further defines what a normal cookie is; “Cookies are small text files that Web-site operators -- and third- party companies that insert ads into Web sites -- place on a user's computer. Several types of cookies are harmless or even helpful. For instance, a cookie might help a website remember your preferences for what news topics you chose to see” (Mossberg). A tracking cookie on the other hand, provides a miniscule amount of useful information to the consumer. The tracking cookie does not improve the website at all, except for possibly making advertising more targeted to the consumer. Because they do not provide much to the consumer, a majority of Americans believe that tracking cookies are a privacy violation, especially because most consumers are unaware when they are downloaded onto their computer.
There are two distinct types of cookies that are commonly used on the internet. One type is the HTTP cookie, which can store 4kb worth of data in a text document. This can include IP information as well as other useful identifiable information. More sophisticated cookies may include other information and log keystrokes on a given site and send that information back to a third-party. The HTTP cookie can also be set to expire and delete itself at the end of a browsing session, or it can stay on a hard drive forever; however, the HTTP cookies can easily be deleted. It has been shown that consumers “over 30% of users do delete first-party HTTP cookies once a month” (Fomenkova). This prompted a response from the tracking industry to create better web trackers which used flash. Flash cookies are much larger than HTTP cookies as they can hold 100kb of data. “use of Flash cookies is typically not disclosed in the website's privacy policy. Out of the top 100 sites only four mentioned this method of tracking” (Fomenkova).
The concerns of third-party tracking prompted response from major tech companies to start “Do Not Track” feature on web browser to prevent third-party tracking. This was further incentivized by the Web Consortium in 2012 when they worked with internet browsing companies to develop a standard way to handle “Do Not Track” requests. The Wired noted, “While the new DNT header is already part of Firefox, Internet Explorer and Safari, and a wide range of sites now respect it, it has lacked one key ingredient — standardization. The new Tracking Protection Working Group is the first step on the road to standardization and will hopefully mean Opera and Chrome will both soon adopt the DNT header” (Gilbertson). The standards were successfully implemented, and now nearly all major browsers offer a “Do Not Track” feature in the settings of the browser.
Unfortunately, the “Do Not Track” requests do not need to be honored by the website that the request is being sent to. This issue what brought to the FCC in 2015, where the FCC stated that “we dismiss Consumer Watchdog’s request that the Commission initiate a rulemaking proceeding requiring ‘edge providers’ (like Google, Facebook, YouTube, Pandora, Netflix, and LinkedIn) to honor ‘Do Not Track’ Requests from consumers.” The Commission has been unequivocal in declaring that it has no intent to regulate edge providers” (“Bureau Dismisses Petition”). This FCC ruling significantly hinders the ability for a person to hide personal tracking information because companies can refuse to act upon those requests. “Do Not Track” would have been a successful measure consumers could take to protect their privacy, if it was required to be honored. As it stands, most companies do not honor “Do Not Track” requests so turning the feature on will not significantly reduce one’s tracking.
Tracking is Preventable
Web tracking may be a lucrative business, but the consumer does have ways to prevent companies from keeping track of their search history. Even though methods such as “Do Not Track” have not worked, there are a plethora that have. Consumers have historically been interested in protecting their privacy online and preventing companies from tracking them. Pew Research conducted a survey in 2013 which found, “86% of internet users have taken steps online to remove or mask their digital footprints—ranging from clearing cookies to encrypting their email, from avoiding using their name to using virtual networks that mask their internet protocol (IP) address” (Rainie). Clearly, consumers are particularly concerned with their privacy online. Luckily, there are several tools that can reduce tracking. Two common apps to prevent website tracking via cookies are Ghostery and Privacy Badger. The two apps are add-ons that can be installed into web browsers such as Chrome and Firefox. Ghostery works by blocking advertisers and other third party apps from tracking a website. “The embedded tracking snippets do not get blocked before the user approves, which allows for manual inspection and ensures compatibility. Consequently, the user can balance the trade-off between anonymity, functionality, and usability” (Herman). Privacy Badger works similarly, but has a few distinct differences. “The user gets visual feedback via green, yellow, or red slides. Furthermore, Privacy Badger maintains a so-called cookie-blocking yellow list to identify and allow tracking activities, which are important for certain functionalities, while altering of third-party cookies and referrers is still enforced” (Herman). Privacy Badger has more functionality than the more popular Ghostery. Privacy Badger has a UI that displays a red, yellow, or green color next to a tracking website to show how much data that company is collecting and if it is functional or not. This would allow the user to specify which cookies are blocked, so that the normal function of the webpage would not be hindered.
Remaining Anonymous Online