Cyberattack: Have You Ever Used Any of These Bad Data Breach Excuses?
When it comes to data breaches, and especially the data breaches of 2015, you hear the same excuses over and over.
“The truth is there is nothing new about what these attackers are doing,” said Ken Levine, president and CEO of security service provider Digital Guardian. He was commenting on a high-profile breach that occurred in the entertainment industry.
“They (the attackers) are using the same tactics they’ve used before to get inside these organizations...”
Here are some of the worst excuses of 2015, and information to help all organizations learn from these mistakes.
“There was a password issue.” The 2015 Second Annual Data Breach Industry Forecast predicted an increase in breaches involving the loss of passwords and other information that provides access to more sensitive information. The forecast recommended “incident response plans should include considerations of how to reset user passwords on a massive scale and send email promptly to all potential affected.”
“We are digitizing our data.” With digitization of health records underway, the health services sector has experienced a huge surge in cyberattacks. Step up security posture and data breach preparedness. For example, a strong, up-to-date anti-virus program will identify and block malicious sites.
“It was a tech problem.” A cyberattack is now considered a corporate-wide issue, and senior executives should have a good understanding of the data breach response plan as well as new technologies and security protocols. A risk assessment will help identify vulnerabilities.
“Data wasn’t encrypted.” It’s important to use data encryption on all computers and drives. When hackers got into an insurance provider’s database this year, member password encryption prevented them from gaining access to Social Security numbers and other confidential data.
“Data was not disposed of securely.” The 2015 Annual Verizon Data Breach Report showed that internal miscellaneous errors accounted for almost one-third of total incidents. Sensitive information was sent to incorrect recipients, non-public data was posted to public web servers, and personal and medical data did not receive secure disposal. Embed information security protocols in the workplace and implement security awareness training.
“It was a third party’s fault.” An improperly handled data transfer to a non-accredited data center exposed personal information from about 850,000 military personnel. The breach highlighted the importance of strong security practices for internal threats, including those posed by third-party contractors.
“It was an unprecedented and sophisticated attack.” Downplaying responsibility or inflating the cyberattack into something almost supernatural in its power creates the impression that the organization sees itself as the sole victim, writes John E. Dunn in a techworld.com article: “But very few attacks are sophisticated or even need to be. And this ignores the large body of evidence that it is poor security practice, security policy and IT complexity that fuels more successful incidents.”
“Financial records were not compromised.” Dunn says this demeans the importance of personal data. “In fact, cybercriminals now have the identities of people and that can have serious consequences for those people, months, years or even decades in the future.”
Learn how to avoid these cyberattack excuses by making sure your organization has a data breach plan.