Data breaches are now so common – and so large – that we measure them in percentage of worldwide internet users. Although Equifax doesn’t even make it into the top 5 at 4.08% of the approximately 3.5 billion internet users, news of it rocked citizens of the US when announced. The Equifax breach has unique characteristics that will change consumer behaviors in the US.
One critical element of the Equifax breach is that it did not expose credit cards numbers – which is a hassle but can be replaced – but exposed hard and even impossible to replace and change information such as names, Social Security numbers, birth dates, addresses, and, in some instances, driver’s license numbers. The amount and type of data loss experienced in this breach will change how consumers look to purchase goods. From Forrester’s ConsumerVoices Market Research Online Community, consumers said they would stop:
With consumer confidence and trust waning, Social Security numbers as a form of identification called into question, and the security of data being stored by data aggregators questioned, expect shockwaves throughout the data economy.
The Equifax breach also highlighted the ever-increasing enterprise dependence on open source software and the associated risks that come along with it. Combined with the lack of multilayered application protection for revenue-generating applications, security leaders find themselves unready to defend their firm’s digital transformation. A startlingly few number of developers work on the open source components most customer-facing applications rely on.
For example, a single developer is responsible for 85.19% of all code changes for Apache Tomcat, and just one developer is responsible for 80.08% of all code changes in Apache Struts. This is why security fixes are delivered only on the latest version of an open source component.
Should we stop using open source? No. But we need to strengthen governance of open source components, supercharge our ability to quickly remediate vulnerabilities, all while avoiding making data security the sole problem of software developers. The intersection of data, code, and revenue in our data economy demands a set of layered protections.
This article is from a Forrester blog. The original content is here.