An enterprise’s breach notification procedures and vulnerability management programs, and its need for real-time malware detection and protection, have come under increasing scrutiny in light of the disclosures of the Equifax data breach. As a result of Equifax’s failure to address a software vulnerability in a timely manner, a series of events began which culminated in regulatory, criminal and state attorney general investigations.
At the core of several of these investigations is a goal to establish a finding of negligence, so the most severe penalties can be inflicted upon the company, both as punishment for alleged poor security and as a dissuasive tactic directed at other businesses with less-than-robust protections of customer Personally Identifiable Information (PII), privacy information and financial information. Fortunately, the conclusion of negligence is not a foregone one. A number of tests exist, which require evidence, expert opinion and legal discussion.
One of the tests used is to ask the question: Is it reasonable that the information which was lost or stolen could do harm to an individual and, if so, how much harm? Clearly, the loss of credit card or banking information may be leveraged for immediate financial gain by cybercriminals – however, credit cards and bank account numbers are relatively easy to replace. Information such as credit history, medical or taxation information becomes far more problematic, as names, dates of birth and addresses are much harder to change – if not impossible.
A finding of negligence is a result of failing any of the four tests: ignoring the explicit items you defined as your business’s responsibility, dismissing the likelihood of a security incident on an Internet-connected machine, failing to implement a security best practice in an egregious manner and identifying the potential of tangible harm to the victim, customer or business. A finding of this nature will not end well for your business or your customers.
As harsh as the analysis may be, a basic understanding of the responsibilities of executive oversight is not a frivolous exercise – engagement by the C-suite can make the difference between catastrophic loss and business as usual. When vulnerabilities are actively being exploited and million- and billion-dollar companies are falling victim, C-suite direction for rapid response is the best risk mitigation tactic. Anything less than rapidly responding to a zero-day threat makes it easy for the bad guys to impact your company’s operations.
Complexity in operations, a large number of end nodes, diversity in hosting (data centers, cloud, VMs, etc.), global presence, handoffs between teams and ownership conflicts are inherent factors of any business operation. This situation therefore warrants reducing human error by adopting orchestration and automation supported by well-defined security operations playbooks.
Simply put, the only reason you may feel the cybercriminals are winning is that you have not called in experts to help you defend your business systems. Well-known leadership coach Jesse Lyn Stone asserts, “Asking for help when you need it is a sign of strength, not weakness.” If you’re serious about protecting the customer information your business has and your team is struggling, it is time to bring in reinforcements.