Criminals rob banks and ATMs because that's where the money is. Criminals breach internet-accessible systems and applications for the same reason.
We all know that no matter how much a bank, ATM or vault is hardened, it can be breached. It's merely a matter of risk, reward, effort and the ability to pull it off without being stopped during the crime or caught after detection. The same holds true for cyber.
No bank would create a mega ATM with even a mere one million dollars of cash in it, because if thieves knew that, they'd be using more approaches to breach it.
It's amazing, then, that any company would expose a database holding virtual reams of data, with potentially millions upon millions of dollars or records at stake, to the entire internet and rely merely upon some kind of electronic protection.
We have to start thinking about troves of data as mega ATMs and start questioning the sanity of doing this. We have to stop assuming we can have 100% protection.
We should not be surprised by the volume of breaches when we consider the massive value of the electronic data to be taken, and we have to reconsider access. Having just a web page and single authentication to access money or assets that can be sold is pure lunacy. We have to reconsider public access and use different approaches.
Once we factor in the human aspect of making sure everything is set properly, things only get worse. Imagine the level of security and validation a bank would need to house a virtual mega ATM. A great example is Fort Knox, and yet there are almost countless virtual versions of Fort Knox accessible on the internet without the appropriate scrutiny and oversight.