If you’re still harboring illusions of data privacy, perhaps it's time to face facts.
According to statistics released this month by Amsterdam-based security company Gemalto, 888 data breaches occurred in the first half of 2015 — compromising 246 million records worldwide.
Compared to the first half of 2014, data breaches increased by 10 percent, Gemalto reported,
On the bright side, the number of compromised data records declined by 41 percent during the first six months of this year.
There were simply fewer mega breaches between January and June, compared to the same period last year.
But Hold On
Don't reach for your rose-colored glasses just yet: These statistics were compiled before a group calling itself "The Impact Team" stole the user data of Ashley Madison and leaked more than 25 gigabytes of company data, including user details.
Ashley Madison promoted itself as the place where 37 million users could connect to have discreet affairs.
Since its user data was posted online in August, the company has seen its IPO dreams replaced with the reality of multiple lawsuits.
Angry customers are alleging negligence, breach of contract and privacy violations. Ashley Madison failed to take reasonable steps to protect the security of its users, including those who paid a special fee to have their information deleted, they argue.
To say data breaches reveal a company’s underbelly is an understatement.
Just ask Sony, which was crippled during the 2014 holiday season from a massive cyber attack.
The attack revealed sordid details such as a derogatory email about President Barrack Obama and forced the company to rethink the release date of The Interview, a Seth Rogen-James Franco movie.
So what insights can we draw from these ongoing attacks?
Maybe the best lesson is the imperative of maintaining due diligence in what is promised and delivered to customers.
Delivering as promised is certainly the intent of every ethical business.
But data attacks can lay bare a number of operational gaffes that could be innocuous if privately addressed, but embarrassing when publicized.
A downside of unorthodox marketing, such as guerilla marketing, is that what is promised to customers can scale faster than the company's ability to deliver.
If a company is promising a feature, but still developing its functionality, a timely leak can make sloppy operations look suspiciously like fraud. In Ashley Madison’s case, its operation raises questions regarding how it promised privacy to its customers.
Companies are foolish to market features that are at best in beta testing — and even more foolish to charge for those features.
Facebook learned this lesson back in 2011.
The Federal Trade Commission alleged the giant social network misled users about the privacy of data shared on the site.
Facebook "deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public," the FTC said in a statement announcing a settlement of the case.
Since then Facebook, has made strides to improve its reputation among its users (and the FTC).
CNET reported that Facebook just recently started ThreatExchange, a program where companies share their collective knowledge about hacking attacks to warn each other.
Facebook doesn't have a perfect reputation yet, but it's improved in the past few years.
And numbers suggest Facebook usage has surpassed user concerns, with founder and CEO Mark Zuckerberg announcing that 1 billion users were actively logged into the site in one day.
Public Companies Can't Hide
Facebook’s efforts should serve as a guideline for small companies seeking an IPO.
The price of going public means prioritizing customer privacy. It also means making an ongoing effort to develop protocols, particularly ones end users can see and appreciate.
Consider Facebook’s just announced Security Checkup tool. It's a notification that appears above the user’s newsfeed to allow reviews of the security settings. It also offers opt-in options to alerts about issues such as attempted hijackings.
The visibility of this feature counters Ashley Madden’ assurances to its customers that it expunged user information.
Ashley Madison now faces potential FTC involvement and a $578 class-action lawsuit because of its claim that it erased membership details at the end of usage.
The site offered a "full delete" service to remove all traces of a user’s profile and conversation.
But a number of users who paid for the delete service argue they never received the service.
Their proof: their personal details and payment information were discovered in the company's leaked data.
Going forward, more businesses may realize they can better manage their operations through analytic behaviors.
Newer analytics technologies incorporate data sources to provide better operations and marketing analysis. They can be programmed to detect unusual behavior or trend deviations.
Security analytics are an antidote to soaring numbers of breeches, which Gartner reports are at an all-time high.
There's broad and far-reaching fallout from data breaches, ranging from time and money to loss of careers and, tragically, lives. There are reports that Ashley Madison users, whose actions were publicized in the breach, have committed suicide.
Meanwhile the CEO of the company's parent company, Avid Life Media, recently resigned
Executives and entrepreneurs should reflect on the potential consequences of data breaches — and take every possible step to minimize attacks.
Title image by Tim Gouw.