Ben Hatton Data Breaches: Prevention and Response go hand in hand

October 30, 2014

October is Cybersecurity Awareness Month, an issue that doesn’t just impact us as a data center, but all individuals and companies across the board as well (check out our post from last year on the subject). This is a challenge that is continually evolving, and it was the focus of last month’s TechPoint panel discussion. Bringing together experts in consulting, healthcare, and cybersecurity research, the discussion centered around the changing security landscape, what some of today’s key risks look like, and how businesses and individuals can (and must) adapt to these risks.

TechPoint panel discussion: Cybersecurity-The New Normal

I’m going to look at some of the key points that were discussed by the panel, and how due diligence against data breaches is essential for both companies and individuals.

If you haven’t already created a data breach prevention plan, please do so. Right now.

The discussion opened with a few alarming statistics from a recent Ponemon study on data breaches (the report can be accessed here):

  • Over the past year, 43% of companies have experienced a data breach, with 60% of them having experienced multiple breaches in the last 2 years.
  • 67% of business leaders lack a full understanding of how to effectively respond to a breach when one occurs.
  • 62% expressed no confidence in their ability to respond to a breach, and of the respondents who do have a response plan in place, 30% of them stated that it is flat out worthless when responding to a breach.

If these stats make it seem like data breaches are ultimately inevitable for any company regardless of how much they prepare, that’s because they are. The general consensus of the panelists was that if your company hasn’t experienced a breach before, it will. This is largely due to the growing level of sophistication of the hackers responsible for breaches, who have evolved from teenagers with an illegal hobby to full-scale operations that are funded by criminal organizations or, in some cases, governments. Since the threat itself has evolved, the ways we prepare and respond need to evolve as well.

A breach response plan is just as important as a prevention plan.

Due to the increasingly high probability for any company to experience a data breach, the panelists stressed the importance of having an effective breach response plan, in addition to the measures you take to prevent breaches from occurring. To a degree, how companies respond to a data breach can sometimes be even more important than how they work to prevent them in the first place, because breaches are so prevalent. To make matters worse, a breach response plan is something that is often overlooked or neglected altogether by many companies.

“Human beings are not perfect computers.”

While companies can have solid security policies and practices in place, they will not amount to much if their employees aren’t educated about them or don’t abide by them. Another key point made during the discussion was that “human beings are not perfect computers,” and that as employees and consumers, we all need to become better educated about the specific security risks that we face on a daily basis. This requires effort on the part of both the employees themselves and the organizations they work for.

This is somewhat of a paradigm shift from the “traditional” line of thinking, where the burden of security protection is almost always placed solely on companies, and not on the consumer (I touched on this same thing in this Data Privacy post from August). As I wrote about then, and as the panelists discussed at this event, as consumers and responsible employees we need to become educated about both our personal data security and the security of our organizations. In reality, companies themselves can only handle so much of the burden of keeping data secure from breaches; it requires education and vigilance on the part of the employee as well.

The threat is continually evolving, so we need to continually adapt.

My final and biggest take-away from the discussion also pretty well summarizes and ties together all of the previous points: Not only will the threat of data breaches always exist, but it will continually evolve with the technology as well as those who can profit from compromising a company’s data. Furthermore, as consumers we continually desire to be more and more connected, and we want to interact digitally more than ever before. These two factors point even further to the huge need for both companies and individuals to be continually learning and adapting to these trends, or risk the consequences. And as the panel closed with, therein lies the real challenge.
