
From a drip to a flood - the impact of a data leak

14 Jun 2016

Article sourced from welivesecurity

Data leaks, especially from an organization’s point of view, are a huge and growing problem (and when we say leak, we mean emerging internally, maliciously or accidentally). More and more businesses are certainly of that opinion, which is a good thing, as the fallout can be devastating.

While not technically a new development, the manner in which sensitive information can spill out of an enterprise is indicative of the zeitgeist. Assets are, by and large, digital and can therefore ‘exit the building’, in a manner of speaking, in more novel ways. This is something that many organizations are still getting used to. And the sooner, the better – the four pain points documented below are testament to that.

Data leak pain point #1: Financial losses

You can break records, but for all the wrong reasons, as St. Joseph Health System learnt recently. As a result of “misconfigured security settings”, 31,000 patient health records were exposed online for close to a year. The cost of this preventable blunder? A painful $28 million.

Key takeaway, courtesy of ESET’s Lysa Myers, is to appreciate the financial severity of a leak: “This settlement should give businesses a clear idea of the rising cost for failing to properly protect all personal data in their care properly.”

Data leak pain point #2: Brand damage

Last year, TalkTalk experienced a major data breach, affecting 157,000 of its customers. It was a huge story and, needless to say, the impact, in terms of brand damage – the financial damage was later reported as being severe – was swiftly devastating. A poll carried out in the immediate aftermath found that TalkTalk had already lost favor with members of the public.

Key takeaway, courtesy of WeLiveSecurity contributor Graham Cluley, is to be careful about how you respond to a breach: “Reading TalkTalk’s statement I find it hard to feel that they aren’t trying to put a positive ‘spin’ on things – they claim ‘only 4%’ of customers were affected, and play down the risks posed by some of the stolen data.”

Data leak pain point #3: Legal liability

Consumers expect organizations to bear ultimate responsibility for data leaks and, legally speaking, this expectation is gaining legislative support. For example, last year, the US Court of Appeals for the Third Circuit ruled that the FTC in the US has the power to punish enterprises that fail to invest in cybersecurity.

Key takeaway, courtesy of ESET’s Stephen Cobb, is to understand the legal aspects surrounding data security: “The negative publicity of an FTC action is the last thing your company wants to experience … [especially] when you are trying to restore the trust and goodwill of the customers and the market.”

Data leak pain point #4: Business continuity disruption

With more and more organizations moving parts of their operations online, or launching web-only enterprises, it’s important to prepare for all sorts of threats that might disrupt the normal flow of their operations. This is something small businesses signed up to Moonfruit learned in 2015, when the website builder took down their websites as a security measure in the run-up to Christmas.

Key takeaway, courtesy of Mr. Cobb, is to appreciate that “business continuity is vital”: “Any company of any size can improve its chances of coming through a disruptive event in one piece – with its brand intact and its revenue undiminished – by following some tried and trusted strategies.”
