Are Cyber Breaches The New Norm?

Uploaded on 2016-09-22 in NEWS-Cybersecurity News, FREE TO VIEW

The first half of 2016 has seen 538 breaches identified; 60 percent of businesses losing valuable intellectual property and/or trade secrets; and approximately 13 million records exposed.

The most significant fallouts from such highly publicised breaches have either been the resignation/firing of chief executive officers (e.g., the ones Target, Sony, US Office of Personnel Management), or else a limited show of consumer discontent by stopping patronage of a particular organization, such as what the British telecom Talk Talk experienced after its breach.  

Target, after its 2013 breach became public, suffered an immediate massive earnings hit when consumers sought other retail alternatives.  Yet, in many instances, loss of consumer confidence has proven to be short term; two years later, Target had bounced back both commercially, and in consumer trust.

Even the recent revelatory hacking incident that stole and then exposed US Democratic National Committee (DNC) sensitive information focused more on “who” perpetrated the act, rather than why was such a hack successful, and what had been the standard security practices at the time that facilitated the breach in the first place.  

In this instance too, senior individuals including the then Chairperson of the DNC resigned from their positions, perhaps distracting from the more pertinent point, what was the cyber security posture prior to the breach?  Indeed, what’s particularly disconcerting about this incident is that sources have indicated that federal investigators had tied to war the DNC about a potential intrusion in their network months before the party had tried to fix the problem.  

If true, this certainly calls into question the gravity with which political organizations address cyber security.  More importantly, it calls into question what steps are being taken to guarantee user data security and policies are being implemented to reduce further risk exposure in the future.

While it is always interesting to know who pulled off some of the more attention-garnering headlines, it ultimately does not help in addressing security at an organisational level unless a strategy is designed and put into place.  

A good first step is designing a risk management approach that helps organizations identify and preserve the very data that they should protect to ensure business operations. This includes incorporating the appropriate technologies, as well as creating and testing an incident response plan to better prepare an organisation before, during, and post-breach.

While cyber security remains a challenging and difficult undertaking, complacency should not replace responsibility when it comes to holding organizations accountable for failing to properly secure the very information to which they are entrusted.  Cyber insurance and identity theft does not replace a cyber security ecosystem designed to be resilient in the face of these activities. They are part of the post-breach remediation but they do not help prevent or reduce the threat from happening.

It is disappointing if organisations would rather assume the risk of major class action lawsuits from consumers and financial institutions to doing their due diligence with regards to taking responsible action with regards to protecting customer data.  

In the age where most concede that “it’s not if you’ll be breached, but when,” it’s time for organisations to understand that their constituents are their most prized asset, and that by protecting their interests, the organisation secures the continued longevity of theirs in turn.

Cyberdb

 

« Social Media Sites - Cyber Weapons of Choice
Terror Threat In 2016 Worse Than 2001 »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Greenetics Solutions

Greenetics Solutions

Greenetics Solutions is a company focused on providing solutions for information security.

Vector Informatik

Vector Informatik

Vector Informatik is a specialist in automotove electronics and provides services, embedded software and tools for securing embedded systems against cyber-attacks.

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance (PIRC)

Partners in Regulatory Compliance provides an array of cybersecurity services including cybersecurity policy management, risk assessments and regulatory compliance consulting.

Commonwealth Cyber Initiative (CCI)

Commonwealth Cyber Initiative (CCI)

The Commonwealth Cyber Initiative is establishing Virginia as a global center of excellence at the intersection of security, autonomous systems, and data.

Hyperion Gray

Hyperion Gray

Hyperion Gray are a small research and development team focused on innovative work in a variety of areas including Software & Security Research, Penetration Testing, Incident Response, and Red Teaming

QuantiCor Security

QuantiCor Security

QuantiCor Security is one of the world’s leading developers and manufacturers of quantum computer resistant security solutions for IT infrastructures and the Internet of Things (IoT).

Qrypt

Qrypt

Qrypt has developed the only cryptographic solution capable of securing information indefinitely with mathematical proof as evidence.

AMSYS Innovative Solutions

AMSYS Innovative Solutions

AMSYS is a full-service, 24/7/365 IT solutions, Cybersecurity & Managed Service Provider.

LogicMonitor

LogicMonitor

LogicMonitor provides SaaS-based IT infrastructure monitoring services for on-premises and multi-cloud environments.

Stacklok

Stacklok

Stacklok are an Open Source first security company enabling safe Open Source Software consumption.

Cybastion

Cybastion

Cybastion develops robust world-class cybersecurity solutions tailored to suit the needs of different businesses, governments and public sector entities.

Protos Labs

Protos Labs

Protos Labs enables insurers & enterprises to make better cyber risk decisions through holistic, real-time risk management tools.

Beacon Technology

Beacon Technology

Beacon Technology offers a comprehensive platform consisting of XDR, VMDR, and Breach and Attack simulation tools.

Hughes Network Systems

Hughes Network Systems

Hughes are industry leaders in networking technologies and services, innovating constantly to deliver the global solutions that power a connected future for people, enterprises and things everywhere.

Redapt

Redapt

Redapt is an end-to-end technology solutions provider that brings clarity to a dynamic technical environment.

OryxAlign

OryxAlign

OryxAlign offer managed IT and cyber security, cloud and digital transformation, and tailored professional and consulting services.