October 2016 Newsletter
Securing Our Data in the 21st Century
In This Month’s Issue
As more and more of our information is stored in digital form by the companies we transact with on a daily basis, we examine the current state of cybersecurity and how we can protect ourselves as consumers.
In today’s electronic world it is difficult, if not impossible, to conduct our daily activities without interacting with corporations and the government on a digital basis. We have to trust that our financial, medical, and communications records are safe in the hands of these organizations in order to get the loans we need, see the doctors we want, and receive 21st century services. However, despite the headlines of recent major hacks and with cybersecurity now a top priority on the minds of many businesses and government agencies, the hacks appear to continue with accelerating frequency.
One main reason why this is a difficult problem for our society to tackle is that these hacks are coming from varying sources, using different methods, and with different motivations. The perpetrators of any given hack could range from a teenager in the basement of his parent’s house, to an organized criminal group, to state sponsored acts of espionage, to activists looking to break a story or further a cause. The stolen data could be names, physical addresses, emails, employee records, credit card information, social security numbers, login credentials, proprietary trade secrets, or sensitive government files and more.
According to the Identity Theft Resource Center, the US saw 780 total publicized data breaches in 2015 alone, with 177 million records exposed. This includes 78 million patient records at Anthem and the 22 million government employee files from the Office of Personnel Management. However, Symantec estimates that the true number of exposed records could have been closer to 500 million in 2015, as 85% of incidents either did not report the number of records compromised or were unsure about the extent of the exposure. Derek Manky, a Fortinet global security strategist said in a CNBC piece that “Every minute, we are seeing about half a million attack attempts that are happening in cyber space.
Figure 1 – Year over Year Change in Security Incidents 2014-2015
Source: PriceWaterhouseCooper’s Global State of Information Security Survey 2016
This year we saw what has to date been the largest recorded data breach in history, when Yahoo revealed that more than 500 million accounts had been compromised. The company reported that this attack occurred in 2014, yet is only now being revealed to the public. This highlights a major obstacle in this fight; the lack of consistent reporting by the companies and organizations affected. While we have been getting better at detecting where and when these breaches occur, there are many more that are simply never discovered.
Additionally, as more of our “things” become connected to the internet, the world of cyber hacking and physical materials will likely soon cross paths. Symantec estimates that by 2020 the number of connected devices will grow up to 300% from 6.4 billion today to over 20 billion in just the next four years. This matrix will include our TVs, cars, public transportation systems, and many medical devices. It also includes our power grids and other core infrastructure systems.
Three years ago, the Wall Street Journal estimated that the per year cost of cyber crime in the US was $100 billion. By 2015, that estimate had quadrupled to $400 billion and according to Juniper Research; by 2020 that cost will more than quadruple again to an estimated $2.1 trillion. Juniper cites the rapid digitization of consumers’ lives and enterprise records as drivers to that growth.
Figure 2 – Fraud Victims Remain Steady, but Losses Decline in 2015
While the frequency of attacks continues to rise, there is a clear downward trend in the monetary losses suffered by victims of these attacks. This trend suggests that companies, governments, and individuals are getting better at detecting and mitigating the damage caused by cyber attacks and fraud.
The good news is that while the number of fraud victims and the number of attacks continue to increase (figure 2), we appear to be getting better at dealing with them. Losses from fraud were at five year lows in 2015, and exhibiting a clear declining trajectory. As more capital flows to data security projects and corporate boards move these issues up higher on the priority scale, the technology and processes used to detect and mitigate the damage from these threats will continue to improve. Additionally, as we all help to educate each other and raise awareness of these potential dangers, prevention and early detection can limit personal losses.
The most important steps we can take as consumers is to spread awareness to our colleagues, families, and friends, while maintaining strong passwords and strict oversight on our credit reports and financial statements. It means using security software and being wary of opening emails and attachments from unidentified senders. As managers and business owners, it means taking ownership of cybersecurity in our firms and being proactive about prevention and threat identification. It is simply not practical to eliminate the use of electronic systems in most of our lives, so risk reduction techniques continue to be the best way to limit personal exposure to these situations.
Some Steps we take at The Philadelphia Group to Protect Our Clients’ Information
1. Encrypted Hard Drives on Company Computers
2. Sending Encrypted Emails that Contain Personally Identifiable Information
3. Routine Security Scans and Integration of Security Software
4. Encrypted Cell Phone Memory if Company Email is Accessible Through the Device
5. Single Machine Security Certificates for Accessing Client Accounts (Even with a password, we cannot log in on unregistered computers)
Chart of the Month
There is no doubt that the threat of cyberattack has commanded the attention and the capital of corporate boards and government officials. We can see cybersecurity spending in real dollar terms has doubled so far this decade and will likely continue to grow over the next several years.
Important Disclosure Notices
The opinions voiced in this material are for general information only and are not intended to provide specific advice or recommendations for any individual. To determine what is appropriate for you, consult a qualified professional.
Investing involves risk, including possible loss of principal.
Securities offered through LPL Financial, member FINRA/SIPC.
Investment advice offered through Private Advisor Group, a registered investment advisor. Private Advisor Group and The Philadelphia Group are separate entities from LPL Financial.
The economic forecasts set forth in the presentation may not develop as predicted and there can be no guarantee that strategies promoted will be successful.
Companies mentioned are for informational purposes only and not meant as a recommendation, and investments in these companies may not be suitable for all investors.
Tactical allocation may involve more frequent buying and selling of assets and will tend to generate higher transaction cost. Investors should consider the tax consequences of moving positions more frequently.
Because of their narrow focus, sector investing will be subject to greater volatility than investing more broadly across many sectors and companies.