Security breach fatigue: So many hacks that nobody cares anymore

Do you feel exhausted when you hear about compromised bank and retail accounts? You may suffer from Security Breach Fatigue.

An SEC filing yesterday revealed that 76 million households and 7 million businesses were affected by a breach that took place at J.P. Morgan over the summer.

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":1567650,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,security,","session":"A"}']

That’s the largest in a string of security hacks that have hit consumers over the course of 2014. While account information was clearly stolen in retail security hacks, J.P. Morgan writes in its filing that “there is no evidence that account information for such affected customers -– account numbers, passwords, user IDs, dates of birth or Social Security numbers –- was compromised during this attack.” So far, no money has gone missing.

However there could be far more serious implications. An article in the New York Times states that the offending hackers made off with a list of applications and programs that run on J.P. Morgan’s computers, which means this could be just the first step in an even greater hack on the bank’s network.

“The hard truth about this breach is it could happen to anyone,” Sanjay Beri, founder of cloud security company Netskope, wrote in an email to me.

Beri’s comment is the same mantra that’s been echoed in the media for almost the entirety of 2014. Starting with the breach of Target, followed by Nieman Marcus, Michaels, P.F. Chang’s, Albertsons, SuperValu, and finally Home Depot, consumers have been repeatedly hit with news that their personal information has been stolen from the brands and institutions they trust. In May, CNN noted that roughly half of all adults in the U.S. had personal information compromised in one of these attacks.

With the details of this latest hack coming to light, it’d be hard to imagine that consumers are not feeling a little fatigued. Everything is ultimately hackable, and banks especially are bombarded with security attacks daily. And that reality may be creating apathy towards breaches among consumers.

“We, as a society, are becoming desensitized to data loss, and it takes increasingly larger breaches to capture our attention,” Mike Flouton, VP of product marketing for SilverSky told me. He said that breaches at smaller retailers and banks are also happening and those institutions aren’t as well equipped as a JP Morgan or a Bank of America to notice intrusions.

“It’s a safe bet that a staggering percentage of data breaches are never discovered, and when discovered are kept out of the news,” he said. The main thread here is that our data is vulnerable and there isn’t a lot we can do about it.

When I reached out to Keith Stewart, VP of product at data center security firm vArmour, he said that the breaches at major retailers and banks remind him of the hacks Microsoft’s operating system suffered 10 year ago. “Microsoft was getting hacked every day and people were angry, and you had this combination of fatigue and anger,” he said. Consumers were becoming numb to the numerous anti-virus alerts popping up on their computers, but they were also annoyed.

[aditude-amp id="medium1" targeting='{"env":"staging","page_type":"article","post_id":1567650,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,security,","session":"A"}']

Ultimately, over the course of years, Microsoft had to figure out how to fix security, not just patch it or issue updates. “It was not about doing what you’re doing a little bit better and hoping for different results. It was about taking an entirely new approach,” said Stewart.

And it got better, but only after Microsoft spent years approaching security differently as a company, Stewart said.

Banks and retailers need to redress the way they handle security, and that isn’t going to happen overnight, which means we’ll likely see more and possibly bigger attacks in the coming months. But if they focus on changing security protocols rather than making quick fixes, they can mitigate the damage to consumers and their brands.