January 24, 2019
We seem to see data compromises so frequently these days. Why is that, and is it really becoming more common for organizations to suffer breaches? Marc Groman, who served on Pres. Obama’s cyber security team, recently gave some insight into this very question on the question-and-answer website Quora.
Data compromises are caused by numerous factors, but fundamentally, Groman said that it was a lack of investment of ‘adequate resources in data security and cyber security’. To this day, companies forgo pouring money into such areas of the business, instead looking to spend it elsewhere. The attitude can still too often be: ‘oh it won’t be us who gets hit by a cyber attack.’
It’s a dangerous stance to take. That’s because breaches can still happen easily and come from anywhere inside organizations. Groman said:
“Another reality is that many data breaches are caused by human error or negligence. This includes the failure to properly configure a server or other hardware, the failure to update software on a timely basis, using administrative passwords, and failing to use strong passwords or two-factor authentication. In addition, many compromises are caused by people clicking on links in phishing emails or in pop ups. Some of the largest and most serious data breaches were caused by mistakes and entirely avoidable.”
Organizations need to take cyber security seriously. That doesn’t only mean investing in cyber security; it means that, from the top down, all employees, no matter how junior and no matter how senior, are aware of their cyber security duty. It’s not a part of the company that should be left to an isolated IT team. Good cyber security considerations should be a part of every major decision. It’s what forms the platform for success.
The question remains, though: are data compromises more common these days? The answer from Groman is no; breaches are likely happening in similar numbers to the past. What has changed is the awareness of people and governments around the world. As awareness has grown, laws have changed. Whereas before there was often no obligation to report data breaches to customers or government agencies, that is rapidly changing, state by state, country by country.
Just take Massachusetts. This month the state introduces new laws that compel organizations not only to report data breaches in a timely manner, but also to increase their offering of free credit freezing and monitoring services to those affected by the incidents they suffer.
In the past, it was perhaps easy for organizations to get away with bad cyber security and data compromises without anyone knowing. Hopefully the culture is changing, and not just because of the introduction of laws and greater fines; we should start to see more organizations take cyber security seriously and give it the attention it deserves. Here at Global Data Sentinel, we help equip organizations with the tools they need not only to put in place strong cyber security solutions, but also to cultivate a cyber security culture within the organization that is strong and takes no chances.
Global Data Sentinel empowers its clients to take back full control over their data, eradicating the threat of cybercrime.