Are Cyber Breaches The New Norm?

Uploaded on 2016-09-22 in NEWS-Cybersecurity News, FREE TO VIEW

The first half of 2016 has seen 538 breaches identified; 60 percent of businesses losing valuable intellectual property and/or trade secrets; and approximately 13 million records exposed.

The most significant fallouts from such highly publicised breaches have either been the resignation/firing of chief executive officers (e.g., the ones Target, Sony, US Office of Personnel Management), or else a limited show of consumer discontent by stopping patronage of a particular organization, such as what the British telecom Talk Talk experienced after its breach.  

Target, after its 2013 breach became public, suffered an immediate massive earnings hit when consumers sought other retail alternatives.  Yet, in many instances, loss of consumer confidence has proven to be short term; two years later, Target had bounced back both commercially, and in consumer trust.

Even the recent revelatory hacking incident that stole and then exposed US Democratic National Committee (DNC) sensitive information focused more on “who” perpetrated the act, rather than why was such a hack successful, and what had been the standard security practices at the time that facilitated the breach in the first place.  

In this instance too, senior individuals including the then Chairperson of the DNC resigned from their positions, perhaps distracting from the more pertinent point, what was the cyber security posture prior to the breach?  Indeed, what’s particularly disconcerting about this incident is that sources have indicated that federal investigators had tied to war the DNC about a potential intrusion in their network months before the party had tried to fix the problem.  

If true, this certainly calls into question the gravity with which political organizations address cyber security.  More importantly, it calls into question what steps are being taken to guarantee user data security and policies are being implemented to reduce further risk exposure in the future.

While it is always interesting to know who pulled off some of the more attention-garnering headlines, it ultimately does not help in addressing security at an organisational level unless a strategy is designed and put into place.  

A good first step is designing a risk management approach that helps organizations identify and preserve the very data that they should protect to ensure business operations. This includes incorporating the appropriate technologies, as well as creating and testing an incident response plan to better prepare an organisation before, during, and post-breach.

While cyber security remains a challenging and difficult undertaking, complacency should not replace responsibility when it comes to holding organizations accountable for failing to properly secure the very information to which they are entrusted.  Cyber insurance and identity theft does not replace a cyber security ecosystem designed to be resilient in the face of these activities. They are part of the post-breach remediation but they do not help prevent or reduce the threat from happening.

It is disappointing if organisations would rather assume the risk of major class action lawsuits from consumers and financial institutions to doing their due diligence with regards to taking responsible action with regards to protecting customer data.  

In the age where most concede that “it’s not if you’ll be breached, but when,” it’s time for organisations to understand that their constituents are their most prized asset, and that by protecting their interests, the organisation secures the continued longevity of theirs in turn.

Cyberdb

 

« Social Media Sites - Cyber Weapons of Choice
Terror Threat In 2016 Worse Than 2001 »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DoSarrest Internet Security Ltd

DoSarrest Internet Security Ltd

DOSarrest is a fully managed security firm specializing in cloud based DDoS protection services to a worldwide client base.

BTWorks

BTWorks

BTWorks provides identity management and anti-phishing / smishing solutions for web and mobile apps.

Towergate Insurance

Towergate Insurance

Towergate Insurance is a leading UK specialist insurance broker. Business products include Cyber Liability Insurance.

CyberSecurityTrainingCourses.com

CyberSecurityTrainingCourses.com

Cyber Security Training Courses is a portal to help candidates find the best courses to progress their career within the IT security industry.

National Health Care Anti-Fraud Association (NHCAA) - USA

National Health Care Anti-Fraud Association (NHCAA) - USA

National Health Care Anti-Fraud Association is the leading national organization focused exclusively on the fight against health care fraud.

THEC-Incubator

THEC-Incubator

THEC-Incubator program is designed for international and ambitious tech startups in the Netherlands. Areas of focus include Blockchain and Cyber Security.

White Cloud Security

White Cloud Security

White Cloud is a cloud-based Application Trust-Listing security service that prevents unauthorized programs from running on your computers.

Agile Underwriting

Agile Underwriting

Agile, an underwriting agency, insurtech and Coverholder at Lloyd's, provides niche insurance products across Aviation, Marine & Cargo, Cyber and Financial Lines.

Atlantic Data Security

Atlantic Data Security

Atlantic Data Security is skilled in the analysis, recommendation, deployment, and management of all critical components of the security infrastructure.

AnyTech365

AnyTech365

AnyTech365 is a leading European IT Security and Support company helping end users and small businesses have a worry-free experience with all things tech.

Heartland Business Systems (HBS)

Heartland Business Systems (HBS)

Heartland Business Systems serves commercial, public sector and small to medium business with results-driven and dedicated information technology services.

Cyber & Data Protection

Cyber & Data Protection

Cyber & Data Protection Limited supports Charities, Educational Trusts and Private Schools, Hospitality and Legal organisations by keeping their data secure and usable.

Brightside AI

Brightside AI

Brightside AI is a Swiss cybersecurity SaaS that helps teams combat AI-enabled phishing threats. Protect your team today.

Ampsight

Ampsight

Ampsight specializes in enabling cloud integration, securing data, and navigating complications that drive critical-mission success.

Defendis

Defendis

Defendis develops AI-powered cybersecurity solutions for Government Agencies, Banks, and Businesses, designed to helps them contain data leaks, minimise damage, and proactively hunt for new threats.

Cyabra

Cyabra

Cyabra is leading the fight against disinformation. Our AI shields companies and the public sector by uncovering malicious actors, bot networks, and GenAI content.