Organizations of all types have had to adapt their businesses as the world rapidly becomes more tightly connected. Companies must focus on the convenience of online access and ease of digital transactions to stay competitive in today’s landscape.
Unfortunately, the need to keep data secure as it moves online has not been met with the same urgency. Companies may see cybersecurity as an important part of their operations. But they haven’t been driven to innovate in this area at the same pace.
Perhaps this explains why so many catastrophic data breaches have come to light within the past few years.
Leaders in tech and internet services (Yahoo, Facebook, and Uber, among others) have suffered attacks compromising tens of millions of accounts. Organizations handling highly sensitive information (Equifax and the Office of Personnel Management among them) have been severely criticized for their lack of basic security protections. Too often, the breached organizations seemed wholly unprepared.
When Data Breach Responses Go Wrong
Security is starting to take a more prominent role in development strategies. But as long as security capabilities lag, companies must firm up plans for incident response to mitigate damages — direct financial consequences and reduced consumer trust alike.
Consider these examples of “how to do it wrong”:
- Equifax waited six days before telling its customers about its 2017 data breach. This cost customers precious time they could have spent responding to the attack.
- eBay was worse. In 2014, it took three months to even recognize that up to 233 million users’ personal data was exposed, and it took two weeks before notifying anyone. Many customers learned about the breach from the news rather than from eBay. Even informational pages on eBay.com were left blank for a time.
- Sony was a mess on the PR front after its 2014 hack that was attributed to North Korea. The company temporarily pulled “The Interview” (a comedy about North Korea) from its theatrical release, sued media outlets that reported on the breach, and failed to quickly take responsibility.
In the most highly publicized failures of data protection, the organizations’ public responses indicated a lack of basic awareness regarding security vulnerabilities.
If any company is going to identify and respond to incidents, it must first understand its risks and prioritize them appropriately. Only then can a company take action to enhance protections, monitor effectively for breaches and execute a well-planned response.
Lunarline can help your organization get a clearer picture of your security risks and develop plans that can keep you from repeating the biggest security mistakes of the past few years. For more information, contact us online today.