Q&A: Are consumer data breaches the new normal?

ASU global security expert Jamie Winterton weighs in on recent Equifax breach

September 7, 2017

On Sept. 7, Equifax Inc. announced a breach of data impacting about 143 million U.S. customers. The information affected includes names, Social Security numbers, birth dates, addresses and some driver’s license numbers.

ASU Now spoke with Jamie Winterton, director of strategy in ASU’s Global Security Initiative, to learn more about why breaches are so common and what impacts consumers face as a result.  binary code Download Full Image

Question: Data breaches have become so common. Should consumers consider these instances to be a new normal?

Answer: I wish I could say no, but, unfortunately, data breaches are a fairly common event. And the numbers are staggering. The Equifax breach affected 134 million people — that’s almost half the population of the U.S.

Perhaps more concerning is that consumers aren’t always notified immediately when their data has been compromised. Equifax mentioned in the press release that the files were accessed sometime between mid-May and July, through an unspecified web-based vulnerability. So, several months passed where an affected individual’s data could’ve been used for identity theft.

Q: What kinds of challenges exist for cybersecurity professionals who are trying to stay a step ahead of hackers?

 Global Security Initiative
Jamie Winterton

A: Hackers are incredibly creative — there’s a saying that “red team only has to be right once.” This means that, for all the security protections a company takes, a hacker just needs to find one vulnerability to exploit. Staying on top of all the potential methods of attack is one challenge.

Another challenge is that companies often don’t prioritize cybersecurity until it’s too late. We’re still too vulnerable to known methods of compromise. We don’t yet know the exact methods that the Equifax hackers used, but most often, hackers compromise a network by exploiting known security issues in the system. It’s very unusual that a hacker will have to use a brand-new method of breaking in (also known as a “zero day”). It can be difficult for information security professionals to keep security at the top of the list, when there are so many other pressing business needs for a company to address.  

Q: Equifax has created a website to help consumers determine whether their information has been comprised and is offering identity theft protection. Is there anything else consumers can actively do to prevent damage in these situations?

A: First, never use any personal data in your passwords. Too many people still use their date of birth, middle name or some combination of information that is easy to reconstruct from these breaches. Identity theft protection is a good idea, especially if you’ve been breached — it won’t stop someone from using your data, but it will alert you to suspicious activity, like loans being taken out in your name, or unusual credit card activity. Finally, be aware of things like your credit score and credit history. The longer it takes to find malicious activity, the longer it takes to recover.

Arnold Maltz to serve as 2017–18 University Senate President

September 8, 2017

Associate Professor Arnold Maltz of the W. P. Carey School of Business' Department of Supply Chain Management will serve as the 2017–18 ASU University Senate President. The University Senate is the university body designated to represent faculty and academic professional perspectives in policymaking recommendations at Arizona State University. 

Maltz has been at ASU since 1997 and active on the University Senate since the 2013–14 academic year. During his tenure with the University Senate, Maltz has served as the chair of the Research and Creative Activities and Curriculum and Academic Programs Committees and served as the Tempe campus Senate president during the 2015–16 school year. In addition to extensive committee experience, Maltz has served his peers on the High Performance Computing Task Force and Academic Integrity Task Force. He is committed to shared governance as he represents each of ASU’s 3,400 faculty members and academic professionals.  ASU Associate Professor Arnold Maltz Arnold Maltz, who teaches in the W. P. Carey School of Business' Department of Supply Chain Management, has been at ASU since 1997 and active on the University Senate since the 2013–14 academic year. Download Full Image

Maltz has high goals for the Senate for the new school year.

“We are excited about the upcoming year. I am anticipating we will take on the task of reviewing our online education programs and work towards developing recommendations to help ASU maintain our leadership position in this vital educational realm,” he said.

Maltz also pointed to ongoing work by the Personnel Committee in regards to salary and merit raises, and benefits discussions as they relate to faculty members and academic professionals at ASU.

“Each of our Senate standing committees serves a very important role in the shared governance process, and they will certainly be very busy this upcoming year,” Maltz said.

More information can be obtained at the ASU University Senate's website, usenate.asu.edu.

Written by Charles Barbee, director, University Senate.