The growing threat of data breaches
Mega breaches – that is, data breaches involving a million digital records or more – are becoming more frequent, even as the overall number of data breaches per year has been decreasing, finds a new study by Frederick Kaefer, PhD, associate professor of Information Systems.
Kaefer’s study, co-authored with undergraduate student James Fritz, was recently published in The Journal of Applied Security Research. Professor Kaefer’s research interests include network security, data analysis, and computer networking.
Here, Professor Kaefer discusses his mega breach study, its findings, and takeaways for businesses and students.
What is the focus of your research?
A data breach is one of the most feared disasters that can befall a company today, especially with increased attention to breaches by both consumers and regulators. In our research, we took a look at the rise of the mega breach, where the loss of data records rises into the millions. In the last several years, a number of major corporations have experienced mega breaches.
To understand the rise of these mega breaches, we examined data from 2,273 data breaches that occurred between 2005 and 2015 and that involved a confirmed loss of records. Over this 11-year period, 895 million records were involved in data breaches. Sixty-five breaches involved the loss of at least one million records, and earned the distinction of a “mega breach.” Even though these mega breaches accounted for only 3% of the data breaches in this time period, these breaches accounted for 92% of the total records lost.
Why study mega breaches?
Businesses are more sophisticated than ever in developing their defense and proactive measures against data breaches. However, only through sophisticated analysis of the cause of data breaches and their primary targets can a defense be established.
When a breach does occur, devastating consequences can result for those whose information is breached. Preparing for and learning how to best prevent data breaches is critical for both businesses and consumers.
What strategies should businesses use?
Strategies that help to improve an organization’s effectiveness in preventing data breaches include:
1. Encryption
Encryption is an important function not only when transmitting data, but also when storing data. Through encryption, information is not readily available, which adds an additional level of security.
2. Strong Passwords
Forensic investigations into cyber security have revealed that a large percentage of data breaches have involved the exploitation of weak passwords.
3. Classification of Information
Different pieces of information have different levels of sensitivity, and businesses need to implement different levels of security accordingly to efficiently protect data.
Why is your research important to Quinlan students?
Business students not only need to learn how to work with data, but they must also learn how to take care of data. This will prepare them for the responsibility they will have when they are in the workplace and work for organizations that must safeguard both organizational and customer data.
Students must also understand that new technological advances, such as the Internet of Things (IoT), bring new vulnerabilities and often require additional security measures.