Are Cyber Breaches The New Norm?

The first half of 2016 has seen 538 breaches identified; 60 percent of businesses losing valuable intellectual property and/or trade secrets; and approximately 13 million records exposed.

The most significant fallouts from such highly publicised breaches have either been the resignation/firing of chief executive officers (e.g., the ones Target, Sony, US Office of Personnel Management), or else a limited show of consumer discontent by stopping patronage of a particular organization, such as what the British telecom Talk Talk experienced after its breach.  

Target, after its 2013 breach became public, suffered an immediate massive earnings hit when consumers sought other retail alternatives.  Yet, in many instances, loss of consumer confidence has proven to be short term; two years later, Target had bounced back both commercially, and in consumer trust.

Even the recent revelatory hacking incident that stole and then exposed US Democratic National Committee (DNC) sensitive information focused more on “who” perpetrated the act, rather than why was such a hack successful, and what had been the standard security practices at the time that facilitated the breach in the first place.  

In this instance too, senior individuals including the then Chairperson of the DNC resigned from their positions, perhaps distracting from the more pertinent point, what was the cyber security posture prior to the breach?  Indeed, what’s particularly disconcerting about this incident is that sources have indicated that federal investigators had tied to war the DNC about a potential intrusion in their network months before the party had tried to fix the problem.  

If true, this certainly calls into question the gravity with which political organizations address cyber security.  More importantly, it calls into question what steps are being taken to guarantee user data security and policies are being implemented to reduce further risk exposure in the future.

While it is always interesting to know who pulled off some of the more attention-garnering headlines, it ultimately does not help in addressing security at an organisational level unless a strategy is designed and put into place.  

A good first step is designing a risk management approach that helps organizations identify and preserve the very data that they should protect to ensure business operations. This includes incorporating the appropriate technologies, as well as creating and testing an incident response plan to better prepare an organisation before, during, and post-breach.

While cyber security remains a challenging and difficult undertaking, complacency should not replace responsibility when it comes to holding organizations accountable for failing to properly secure the very information to which they are entrusted.  Cyber insurance and identity theft does not replace a cyber security ecosystem designed to be resilient in the face of these activities. They are part of the post-breach remediation but they do not help prevent or reduce the threat from happening.

It is disappointing if organisations would rather assume the risk of major class action lawsuits from consumers and financial institutions to doing their due diligence with regards to taking responsible action with regards to protecting customer data.  

In the age where most concede that “it’s not if you’ll be breached, but when,” it’s time for organisations to understand that their constituents are their most prized asset, and that by protecting their interests, the organisation secures the continued longevity of theirs in turn.

Cyberdb

 

« Social Media Sites - Cyber Weapons of Choice
Terror Threat In 2016 Worse Than 2001 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Hack Miami

Hack Miami

HackMiami is the premier resource in South Florida for highly skilled hackers that specialize in vulnerability analysis, penetration testing, digital forensics, and all manner of IT security.

Nethemba

Nethemba

Nethemba provide pentesting and security audits for networks and web applications. Other services include digital forensics, training and consultancy.

CyberSecurity Malaysia

CyberSecurity Malaysia

CyberSecurity Malaysia is the national cyber security specialist agency under the Ministry of Science, Technology and Innovation (MOSTI).

Security Network Munich

Security Network Munich

Security Network Munich brings together leading players in the field of information and cyber security through joint research and innovation projects.

Institute for Cybersecurity & Privacy (ICSP) -  University of Georgia

Institute for Cybersecurity & Privacy (ICSP) - University of Georgia

The goal of ICSP is to become a state hub for cybersecurity research and education, including multidisciplinary programs and research opportunities, outreach activities, and industry partnership.

BooleBox

BooleBox

Boolebox is the innovative suite of enterprise data protection applications that preserve the integrity and confidentiality of data from any unauthorized access.

Kuratorium Sicheres Österreich (KSO)

Kuratorium Sicheres Österreich (KSO)

KSO is an independent non-profit association that has set itself the goal of making Austria safer as a national networking and information platform for topics of internal security.

Keepnet Labs

Keepnet Labs

Keepnet Labs is a phishing defence platform that provides a holistic approach to people, processes and technology to reduce breaches and data loss and presents anti-phishing solutions.

Inavate Consulting

Inavate Consulting

Inavate Consulting are experts in defining and implementing information assurance solutions and governance frameworks. Our ISO27001 consultants are the most experienced in the industry.

Beosin

Beosin

Beosin is a blockchain security company providing cybersecurity services including security audits, on-chain asset investigation, threat intelligence and wallet security.

Smart Contract Security Alliance

Smart Contract Security Alliance

The Smart Contract Security Alliance supports the blockchain ecosystem by building standards for smart contract security and smart contract audits.

Data Theorem

Data Theorem

Data Theorem is a leading provider in modern application security. Its core mission is to analyze and secure any modern application anytime, anywhere.

Next Peak

Next Peak

Next Peak provides cyber advisory and operational services based on deep business and national security experience, thought leadership, and a network of front-line defenders.

Jisc

Jisc

Jisc is a membership organisation working in partnership with the UK’s research and education communities to develop the digital technologies they need to teach, discover and thrive.

Myntex

Myntex

Myntex® builds the future of mobile security. We empower our partners to deliver exclusive mobile endpoint security software, fortifying against mobile threats, device exploits and data exfiltration.

Focus Group

Focus Group

Focus Group are one of the UK’s leading independent providers of essential business technology. Here to take care of all your telecoms, IT and connectivity services.