How can data breaches be stopped?

It seems like every week we're hearing about some new data breach involving a major business or corporation. Many New Jerseyans are wondering if this problem will continue to get worse, or if something can be done about it.

"Cyber-security continues to be a huge challenge and part of the problem is the threat landscape continually changes, every time a new piece of software is introduced or other technology is introduced it creates certain vulnerabilities," said James Mottola, special agent in charge of the Secret Service Newark Field Office, during a cyber-security symposium in Union.

Mottola said "those vulnerabilities are often exploited by folks that are looking to monetize, in one way shape or form, the exfiltration or the sale of data, and in particular financial data."

In addition to stealing from big corporations, Mottola says cyber crooks are also stealing information from individuals, by tricking them into "opening up an email, clicking on a link that can be malicious and loading certain malware onto computer systems - so it's critically important to continue to educate people in the public sector about all of the schemes that are out there."

He said while it may be impossible to stop all breaches from taking place, the situation can be improved.

"For small businesses in particular, they need to look at some of these IT professionals for services that can help them protect their data, because it's not their core business," Mottola said.

He said officials are trying to encourage companies to "partition" information online, and then quickly respond if, and when, a breach takes place.

"Businesses have gotten much better at detecting when their systems have been infiltrated and responding to that and I think that's an evolution, I think we'll continue to see that. There are best practices that companies can follow to reduce the risk," he said.

Assemblyman Jon Bramnick, (R-Westfield) who organized the symposium, said part of the current problem is that businesses are afraid to discuss cyber theft, because they're nervous it will hurt their sales.

"If you mention that a business is under attack it may affect consumer confidence in that business; they may not shop there," he said.

Bramnick said he understands there are some things we shouldn't talk about in a public forum, but to not have any discussion about the topic because we're afraid "is a big mistake."

He added if companies won't voluntarily share this information with the state office of Homeland Security, "then we may have to require disclosure when a business is attacked in New Jersey, we may have to legislate it."

New Jersey Homeland Security Director Chris Rodriguez said cyber-security is something we all need to play a part in.

"We have adversaries out there who are interested in gathering data and information from our networks for nefarious purposes," Rodriguez said.

He said said his Office is working to branch the technical, analytical and communication gaps between local and federal authorities, facilitate information-sharing with the private sector and engage citizens "to practice better cyber-hygiene."