Thursday of last week, I finally turned in my revised book proposal for my non-fiction privacy and data security book to the agent I have been working with. It took me almost three weeks to make the revisions we discussed, including a new title. Behold, NAVIGATING THE BREACH is now ANTI-THEFT ARSENAL. Along with the new name, Day has designed a new cover, pictured to the right. I really love the castle-lock icon and will probably adopt it as a logo.
The agent I am working with had a lot of excellent advice. Over the last couple of weeks, I have revised almost every section of the proposal and sample chapter. Below is my revised Executive Summary:
In December 2013, Target Corp.’s point-of-sale system suffered a massive data breach. Hackers made off with 70,000,000 customer names, addresses, phone numbers, and e-mail addresses and 40,000,000 credit and debit card numbers with expiration dates, PINs and CVV numbers, the author’s included. To put that number in perspective, consider that 40,000,000 people is almost 13% of the entire population of the United States and the total number of 110,000,000 is approximately 35% of the U.S. population. It is staggering and the second-largest breach in history after Adobe Systems, Inc., which had 152,000,000 records stolen (almost half the population of the United States) just two months before, in October. Of particular concern is that the hackers penetrated Target through stolen credentials they obtained from Target’s refrigeration system contractor, Fazio Mechanical Services, Inc.
Debate still rages as to whether the hackers exploited a flaw in Target’s network access controls using these credentials or stumbled upon some back door. Data security experts agree, however, that these credentials should not have been compromised, and, even if compromised, the hackers should not have been able to access any system of importance using the Fazio credentials, especially sensitive customer data. Regardless of what the final report will say, the damage to Target’s earnings and reputation is done. In the fiscal quarter after the breach, Target’s net income was down 46% year-over-year. Revenues decreased 3.8%, earnings per share decreased 21.2%, and the number of transactions dropped by 5.5%. In that quarter alone, Target incurred over $17,000,000 in breach-related expenses, including fees for legal counsel, investigation, card replacements, increased staffing in call centers, and credit-monitoring services. This number will increase as Target continues to respond to the breach. Target’s stock also suffered a 15% drop immediately after the breach. Even if Target recovers its out-of-pocket costs from Fazio or insurance proceeds, the damage to its reputation and consumer confidence is done.
Target’s tragic story seems less of an anomaly when you consider the following general statistics. Fifty percent of the world’s data security breaches occur within the United States, and weak or stolen credentials account for 76% of network intrusions. In the United States, over 600 million records containing sensitive personal information, from roughly 4,000 security breaches, have been stolen since 2005. Studies also show that the incidence of reported breaches has increased over the last few years. Even before Target and Adobe, data privacy and security legal compliance was a hot-button topic for executives of companies of every size, and these concerns have only intensified. Small startups and Fortune 500 companies alike have the same questions and fears regarding data privacy and security.
Anti-Theft Arsenal is a comprehensive guide that helps business executives, compliance officers, and engineering teams prevent, respond to, and recover from security attacks, breaches and data loss. Written by former software developer and current data privacy and security corporate lawyer, Alia Luria, Anti-Theft Arsenal answers the most common questions that business people must ask in order to keep their customers and reputation in the marketplace safe from security breaches. Whether an organization already has a comprehensive plan or it is just now considering the possibilities of an attack on its systems, this book, in clear and simple language, equips readers with the anti-theft arsenal they need to avoid and mitigate the sort of attacks that have damaged or crippled such organizations as Target, Adobe, and many others. Using engaging examples and stories, checklists, worksheets, templates and action items, Anti-Theft Arsenal provides a practical toolkit readers can implement immediately in any organization, large or small, domestic or global, corporate, governmental, or not-for-profit.