Are Cyber Breaches The New Norm?

Uploaded on 2016-09-22 in NEWS-Cybersecurity News, FREE TO VIEW

The first half of 2016 has seen 538 breaches identified; 60 percent of businesses losing valuable intellectual property and/or trade secrets; and approximately 13 million records exposed.

The most significant fallouts from such highly publicised breaches have either been the resignation/firing of chief executive officers (e.g., the ones Target, Sony, US Office of Personnel Management), or else a limited show of consumer discontent by stopping patronage of a particular organization, such as what the British telecom Talk Talk experienced after its breach.  

Target, after its 2013 breach became public, suffered an immediate massive earnings hit when consumers sought other retail alternatives.  Yet, in many instances, loss of consumer confidence has proven to be short term; two years later, Target had bounced back both commercially, and in consumer trust.

Even the recent revelatory hacking incident that stole and then exposed US Democratic National Committee (DNC) sensitive information focused more on “who” perpetrated the act, rather than why was such a hack successful, and what had been the standard security practices at the time that facilitated the breach in the first place.  

In this instance too, senior individuals including the then Chairperson of the DNC resigned from their positions, perhaps distracting from the more pertinent point, what was the cyber security posture prior to the breach?  Indeed, what’s particularly disconcerting about this incident is that sources have indicated that federal investigators had tied to war the DNC about a potential intrusion in their network months before the party had tried to fix the problem.  

If true, this certainly calls into question the gravity with which political organizations address cyber security.  More importantly, it calls into question what steps are being taken to guarantee user data security and policies are being implemented to reduce further risk exposure in the future.

While it is always interesting to know who pulled off some of the more attention-garnering headlines, it ultimately does not help in addressing security at an organisational level unless a strategy is designed and put into place.  

A good first step is designing a risk management approach that helps organizations identify and preserve the very data that they should protect to ensure business operations. This includes incorporating the appropriate technologies, as well as creating and testing an incident response plan to better prepare an organisation before, during, and post-breach.

While cyber security remains a challenging and difficult undertaking, complacency should not replace responsibility when it comes to holding organizations accountable for failing to properly secure the very information to which they are entrusted.  Cyber insurance and identity theft does not replace a cyber security ecosystem designed to be resilient in the face of these activities. They are part of the post-breach remediation but they do not help prevent or reduce the threat from happening.

It is disappointing if organisations would rather assume the risk of major class action lawsuits from consumers and financial institutions to doing their due diligence with regards to taking responsible action with regards to protecting customer data.  

In the age where most concede that “it’s not if you’ll be breached, but when,” it’s time for organisations to understand that their constituents are their most prized asset, and that by protecting their interests, the organisation secures the continued longevity of theirs in turn.

Cyberdb

 

« Social Media Sites - Cyber Weapons of Choice
Terror Threat In 2016 Worse Than 2001 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall And Why Does It Matter

See how to use next-generation firewalls (NGFWs) and how they boost your security posture.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ThaiCERT

ThaiCERT

ThaiCERT is the national Computer Security Incident Response Team (CSIRT) for Thailand.

Altius IT

Altius IT

Altius IT reviews your website for security vulnerabilities and provides a report identifying vulnerabilities and recommendations to make secure.

CYBER 1

CYBER 1

CYBER 1 provides cyber security solutions to customers wanting to be resilient against new and existing threats.

Federation of Finnish Technology Industries

Federation of Finnish Technology Industries

The Federation of Finnish Technology Industries is the lobbying organisation for technology industry companies in Finland.

NuData Security

NuData Security

NuData Security, A Mastercard Company, is an award winning behavioral biometrics company.

Honeywell Process Solutions (HPS)

Honeywell Process Solutions (HPS)

Honeywell's Industrial Cyber Security Solutions help plants and critical infrastructure sectors defend the availability, reliability and safety of their industrial control systems.

Information System Authority (RIA) - Estonia

Information System Authority (RIA) - Estonia

RIA ensures the interoperability of the state’s information system, organises activities related to information security, and handles security incidents in Estonian computer networks.

Rule4

Rule4

Rule4 is a global professional services firm that provides practical, real-world knowledge and solutions in areas including cybersecurity, AI, Machine Learning and industrial control systems.

BlackCloak

BlackCloak

BlackCloak provides Concierge Cyber Security for high-net-worth individuals and corporate executives to protect them from cybercrime, reputational risks, hacking and identity theft.

Omnipotech

Omnipotech

Omnipotech is a complete managed service provider. From desktop to datacenter, all the technology support you need, under one umbrella.

SolidRun

SolidRun

SolidRun is a leading provider of computing and network technology designed to streamline the deployment of edge computing infrastructure and support embedded and IoT markets.

KATIM

KATIM

KATIM is a leader in the development of innovative secure communication products and solutions for governments and businesses.

Lansweeper

Lansweeper

Lansweeper is an IT Asset Management platform provider helping businesses better understand, manage and protect their IT devices and network.

Seraphic Security

Seraphic Security

Seraphic Security provides attack protection to enable safe browsing for employees or contractors, as well as advanced governance controls to enforce enterprise policies across devices.

xdr.global

xdr.global

Xdr.global is a cybersecurity consulting firm, focused on promoting and aligning Extended Detection and Response (XDR) security solutions.

Panoptic Cyber

Panoptic Cyber

Panoptic Cyber are a team of elite Armed Forces Veterans who hold a wealth of experience in Information Security, Cyber Security, Data Protection and Risk Management.