Are Cyber Breaches The New Norm?

The first half of 2016 has seen 538 breaches identified; 60 percent of businesses losing valuable intellectual property and/or trade secrets; and approximately 13 million records exposed.

The most significant fallouts from such highly publicised breaches have been either the resignation or firing of chief executive officers (e.g., those at Target, Sony, and the US Office of Personnel Management) or a limited show of consumer discontent through stopping patronage of a particular organization, as the British telecom Talk Talk experienced after its breach.

Target, after its 2013 breach became public, suffered an immediate massive earnings hit when consumers sought other retail alternatives. Yet, in many instances, loss of consumer confidence has proven to be short term; two years later, Target had bounced back both commercially and in consumer trust.

Even with the recent revelatory hacking incident in which sensitive US Democratic National Committee (DNC) information was stolen and then exposed, attention focused more on “who” perpetrated the act than on why such a hack was successful and what standard security practices at the time had facilitated the breach in the first place.

In this instance too, senior individuals, including the then Chairperson of the DNC, resigned from their positions, perhaps distracting from the more pertinent point: what was the cyber security posture prior to the breach? Indeed, what’s particularly disconcerting about this incident is that sources have indicated that federal investigators had tried to warn the DNC about a potential intrusion in their network months before the party tried to fix the problem.

If true, this certainly calls into question the gravity with which political organizations address cyber security. More importantly, it calls into question what steps are being taken to guarantee user data security and what policies are being implemented to reduce further risk exposure in the future.

While it is always interesting to know who was behind some of the more attention-garnering headlines, it ultimately does not help in addressing security at an organisational level unless a strategy is designed and put into place.

A good first step is designing a risk management approach that helps organizations identify and preserve the very data that they should protect to ensure business operations. This includes incorporating the appropriate technologies, as well as creating and testing an incident response plan to better prepare an organisation before, during, and post-breach.

While cyber security remains a challenging and difficult undertaking, complacency should not replace responsibility when it comes to holding organizations accountable for failing to properly secure the very information with which they are entrusted. Cyber insurance and identity theft do not replace a cyber security ecosystem designed to be resilient in the face of these activities. They are part of the post-breach remediation, but they do not help prevent or reduce the threat from happening.

It is disappointing if organisations would rather assume the risk of major class action lawsuits from consumers and financial institutions than do their due diligence and take responsible action to protect customer data.

In an age where most concede that “it’s not if you’ll be breached, but when,” it’s time for organisations to understand that their constituents are their most prized asset, and that by protecting their constituents’ interests, the organisation secures its own continued longevity in turn.

Cyberdb

 
