Cyber Threat or Cyber Opportunity?

Madison Square Garden Data Breach

News of the most recent high-profile cyber breach, that the concession stands in Madison Square Garden were compromised, has just been released.

But it’s not the fact that they were compromised that’s concerning but that the breach was in place for over a year before they even knew about it. This is a trend we are seeing more often this year.

It started me thinking about how organizations look at cyber security - it’s almost always in a negative way. The fear of the hack, the stigma associated, how will my business recover and most importantly my customer’s information will be widely available on the internet.

Behind all this fear and distress there is a genuine opportunity for businesses to move beyond this “roll the dice” conundrum.

Business owners, CEOs and CIOs should be considering how they can be the ‘first in class’ with their cyber security and make that a selling point, a unique selling proposition, a reason why you should trust them and do business with them.

A business that views Cyber Security as the “Gold Standard” will probably have superior customer service, better products and respect your business a lot more. A business that can demonstrate and validate that its systems are impenetrable could use this standard/benchmark to win contracts, a real way for the business to differentiate itself from the competition.

As we enter the most intensive shopping periods of the year, whether online or in store, the pressure among traders and the anxiety among customers will increase. Almost every time I use my card, I think about whether the retailer has sufficient cyber security measures in place and whether they have adequately trained and certified cyber technicians to protect my data.

As I have explained in previous posts, this is as much a people issue as it is technology, so are they promoting good cyber citizenship among their employees?

To achieve this “Gold Standard” is not impossible, but consider the peace of mind and the opportunity for the businesses that implemented and achieved that state of nirvana. They would have the perfect infrastructure, all technicians trained and certified, and proper risk management and governance in place; all staff would be aware of their cyber responsibilities and be good cyber citizens, and superior processes would be in place when a breach is suspected.

We need to come to terms with the reality of our situation, embrace the perspective the situation provides and re-frame it in our mind.

Out of adversity and challenges, opportunities abound for those with the right cyber security mindset.

Carpe Diem!

John McGlinchey

John McGlinchey is the Senior Vice President of Global Business Development & Products for CompTIA

 

 


The long term cost of data breaches

Yahoo hacked

I am just back from a whirlwind tour of India, China and Japan and one topic seemed to dominate every conversation - Cyber Security!

If I was to summarise the points that were raised by all of our colleagues, partners and clients in our many conversations:

  • Security breaches are a wake-up call for many organizations
  • Usually they do not update their cyber security infrastructure and keep rolling the dice waiting to be hit
  • Instead of waiting, organizations must initiate a mechanism of threat sharing
  • Cyber threats must be immediately shared so that appropriate security measures can be taken in time
  • The stigma of being attacked must be removed
  • Government must step up and set best practices for cyber security
  • We can’t solve this problem with technology alone
  • Essentially it’s a human problem.
  • Almost all of the attacks we see are a result of human error
  • We all need to become better cyber citizens

When I returned from this exhausting but exhilarating trip I was reading the data from the 11th annual Cost of Data Breach Study (sponsored by IBM), which is recognised as being the industry’s gold-standard benchmark research, independently conducted by Ponemon Institute.

In 2016 alone we have seen breaches with Centene Corporation, the FBI, Seagate, Verizon, the IRS, and LinkedIn to name a few.

This year’s study found that the average consolidated total cost of a data breach grew from $3.8 million to $4 million.

Over a 10-month period, Ponemon Institute researchers interviewed IT, compliance and information security practitioners representing 383 organizations in 12 countries: United States, United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India, the Arabian region (a consolidation of organizations in the United Arab Emirates and Saudi Arabia), Canada and for the first time, South Africa.

While the amounts of money mentioned are staggering and could easily wipe out most businesses, there is another cost that many people may not take into account.

When a company suffers a data breach, besides losing money they will also suffer huge reputational damage - unfortunately, when a company is breached, customers and stakeholders see this as a big weakness. Was the company careless, were they not operating proper controls, are they to be trusted?

Often people don't blame the hackers (the thieves) for the breach but they will point a big accusing finger at the organization for being so "careless" - it's your fault!!

This long-term damage could turn out to be much more detrimental than the initial financial loss.

Based on the feedback from my "tour" it looks like in too many cases the cyber penny has yet to drop! 

John McGlinchey

John McGlinchey is the Senior Vice President of Global Business Development & Products for CompTIA