Who is responsible for encrypting data?
Fortunately, the mass Target outage dubbed the Targetpocalypse does not appear to have been the result of a data breach. Stores nationwide saw their registers go offline on Saturday, much to the chagrin of consumers who were left unable to consume. A subsequent statement from the company explained it was simply a technological error at fault. Customer information was also reportedly not compromised.
It just goes to show, though, how dominant the topic of data breaches has become, that the possibility was probably the first thing that jumped into many people’s minds. It definitely was for me when I saw it trending. Especially when you recall the incident from five years ago, when Target indeed suffered unauthorized access to its payment terminals.
Now, this current Targetpocalypse might have been a false flag (as was the supposed Marvel Comics breach that turned out to be a teaser for a new Captain America and Wolverine series), but there is no shortage of real incidents that account for the respondents in the recent CIGI-Ipsos Global Survey on Internet Security and Trust, who say their distrust in the Internet has influenced their online practices. 25,000 internet users were surveyed across two dozen countries, and 49% of those claimed their distrust has made them more discreet about disclosing personal information online. 39% say they now use the internet “more selectively.”
Covering this research, the Internet Society highlights how only 19% appear to be employing more sophisticated tools—like encryption or virtual private networks (VPNs)—on their own. But I don’t believe that’s a realistic expectation. It’s still a challenge to convince people of the importance of using different passwords across accounts. To expect them to go out and deploy their own means of encryption is a bit much; not to mention, it shifts the burden from the organizations, which have this responsibility, to the individual.
While there would be no real downside to more users adopting these methods, already we are advised to proactively alter our online habits, vigilantly monitor our financial accounts, and scope out the companies and websites that observe the best security standards. Expecting users to account for their own encryption, on top of all that, would be overly complex and not realistic at this time.