An enterprise’s breach notification procedures and vulnerability management programs, and need for real-time malware detection and protection, have come under increasing scrutiny in light of the disclosures of the Equifax data breach. As a result of the failure of Equifax to address a software vulnerability in a timely manner, a series of events began which culminated in regulatory, criminal and state attorney general investigations.
At the core of several of these investigations is a goal to establish a finding of negligence, so the most severe penalties can be inflicted upon the company as both punishment for alleged poor security and also as a dissuasive tactic directed at other businesses with less than robust protections of customer Personally Identifiable Information (PII), privacy information and financial information. Fortunately, the conclusion of negligence is not a forgone one. A number of tests exist, which require evidence, expert opinion and legal discussion.
Also Read: Where Fire Department Data Breach Fire
One of the tests used is to ask the question: Is it reasonable the information which was lost or stolen could do harm to an individual and if so how much harm? Clearly, the loss of credit card or banking information may be leveraged for immediate financial gain by cybercriminals – however, credit cards and bank account numbers are relatively easy to replace. Information such as credit history, medical or taxation information becomes far more problematic as names, dates of birth and addresses are much harder to change – if not impossible.
A finding of negligence is a result of failing any of the four of the tests: ignoring the explicit items you defined as your businesses responsibility, dismissing the likelihood of a security incident on an Internet connected machine, failing to implement a security best-practice in an egregious manner and identifying the potential of tangible harm to the victim, customer or business. A finding of this nature will not end well for your business or your customers.
As harsh as the analysis may be, a basic understanding of the responsibilities of executive oversite is not a frivolous exercise – engagement by the C-suite can make the difference between catastrophic loss or business as usual. When vulnerabilities are actively being exploited and million and billion dollar companies are falling victim, C-suite direction for rapid response is the best risk mitigation tactic. Anything less than rapidly responding to a Zero-day threat makes it easy for the bad guys to impact your company’s operations.
Complexitities in operations, large of the end nodes, diversity in hosted (data centers, Cloud, VMs, etc), global presence, handoff between teams, ownership conflicts are the inherit factor of any business operation and, hence, this situation warrants that human error are reduced by adaptation of the Orchestration and Automation supported by well defined Security Operation playbooks.
Simply put, the only reason you may feel the cybercriminals are winning, is because you have not called in experts to help you defend your business systems. Well known leadership coach Jesse Lyn Stone asserts, “Asking for help when you need it is a sign of strength, not weakness.” If you’re serious about protecting the customer information your business has and your team is struggling, it is time to bring in reinforcements.
Contact Us Today
For decades, Windows served as the workhorse of the business world. In recent years, however, a significant transformation has occurred with the rise of cloud infrastructure platforms. Enterprises now realize that legacy on-premises Windows workloads are impeding their progress. Core challenges include licensing costs, scalability issues, and reluctance to embrace digital transformation.Explore
Connecting more people to data has become imperative for organizations worldwide. In Top Trends in Data & Analytics for 2022, Gartner stated, “Connections between diverse and distributed data and people create truly impactful insight and innovation. These connections are critical to assisting humans and machines in making quicker, more accurate, trustworthy, and contextualized decisions while considering an increasing number of factors, stakeholders, and data sources.”Explore
Since the dawn of business, users have looked for three main components when it comes to data: Search | Secure| Share. Now let's talk about the evolution of data over the years. It's a story in itself if one pays attention. Back then, applications were created to handle a set of processes/tasks. These processes/tasks, when grouped logically, became a sub-function, a set of sub-functions constituted a function, and a set of functions made up an enterprise. Phase 1 – Data-AwareExplore
Practitioners in the data realm have gone through various acronyms over the years. It all started with "Decision Support Systems" followed by "Data Warehouse", "Data Marts", "Data Lakes", "Data Fabric", and "Data Mesh", amongst storage formats of RDBMS, MPP, Big Data, Blob, Parquet, Iceberg, etc., and data collection, consolidation, and consumption patterns that have evolved with technology.Explore
Enterprises have, over time, invested in a variety of tools, technologies, and methodologies to solve the critical problem of managing enterprise data assets, be it data catalogs, security policies associated with data access, or encryption/decryption of data (in motion and at rest) or identification of PII, PHI, PCI data. As technology has evolved, so have the tools and methodologies to implement the same. However, the issue continues to persist. There are a variety of reasons for the same:Explore
Finding Hidden Patterns and Correlations Innovative technologies such as artificial intelligence (AI), machine learning (ML) and natural language processing (NLP) are transforming the way we approach data analytics. AI, ML and NLP are categorized under the umbrella term of “cognitive analytics,” which is an approach that leverages human-like computer intelligence to identify hidden patterns and correlations in data.Explore