
From a drip to a flood - the impact of a data leak

14 Jun 16

Article sourced from welivesecurity

Data leaks, especially from an organization’s point of view, are a huge and growing problem (and when we say leak, we mean data escaping from inside the organization, whether maliciously or accidentally). More and more businesses are certainly of that opinion, which is a good thing, as the fallout can be devastating.

While not technically a new development, the manner in which sensitive information can spill out of an enterprise is indicative of the zeitgeist. Assets are, by and large, digital and can therefore ‘exit the building’, in a manner of speaking, in more novel ways. This is something that many organizations are still getting used to. And the sooner, the better – the four pain points documented below are testament to that.

Data leak pain point #1: Financial losses

You can break records, but for all the wrong reasons, as St. Joseph Health System learnt recently. As a result of “misconfigured security settings”, 31,000 patient health records were exposed online for close to a year. The cost of this preventable blunder? A painful $28 million.

Key takeaway, courtesy of ESET’s Lysa Myers, is to appreciate the financial severity of a leak: “This settlement should give businesses a clear idea of the rising cost for failing to properly protect all personal data in their care properly.”

Data leak pain point #2: Brand damage

Last year, TalkTalk experienced a major data breach, affecting 157,000 of its customers. It was a huge story and, needless to say, the impact, in terms of brand damage – the financial damage was later reported as being severe – was swiftly devastating. A poll carried out in the immediate aftermath found that TalkTalk had already lost favor with members of the public.

Key takeaway, courtesy of WeLiveSecurity contributor Graham Cluley, is to be careful about how you respond to a breach: “Reading TalkTalk’s statement I find it hard to feel that they aren’t trying to put a positive ‘spin’ on things – they claim ‘only 4%’ of customers were affected, and play down the risks posed by some of the stolen data.”

Data leak pain point #3: Legal liability

Consumers expect organizations to bear ultimate responsibility for data leaks and, legally speaking, this expectation is gaining legislative support. For example, last year, the US Court of Appeals for the Third Circuit ruled that the FTC has the power to punish enterprises that fail to invest in cybersecurity.

Key takeaway, courtesy of ESET’s Stephen Cobb, is to understand the legal aspects surrounding data security: “The negative publicity of an FTC action is the last thing your company wants to experience … [especially] when you are trying to restore the trust and goodwill of the customers and the market.”

Data leak pain point #4: Business continuity disruption

With more and more organizations moving parts of their operations online, or launching web-only enterprises, it’s important to prepare for all sorts of threats that might disrupt the normal flow of their operations. This is something small businesses signed up to Moonfruit learned in 2015, when the website builder took down their websites as a security measure in the run up to Christmas.

Key takeaway, courtesy of Mr. Cobb, is to appreciate that “business continuity is vital”: “Any company of any size can improve its chances of coming through a disruptive event in one piece – with its brand intact and its revenue undiminished – by following some tried and trusted strategies.”
