Cybersecurity was a key issue in 2017 following a string of data breaches on large corporations, especially those in well-regulated industries.
However, despite the IT industry’s best efforts, the likelihood of future attacks has not diminished. If anything, multiple attacks on businesses in 2018 indicate that the hackers and other malicious online entities have only become emboldened by their past successes.
This does not bode well for companies as cyberattacks affect their success and reputations. Thankfully, a glimmer of hope remains for the IT world as long as organizations are willing to learn from their past mistakes and close the loopholes before it is too late.
1. Importance of data security and breach prevention
Data security and prevention against data breaches are two indispensable aspects of modern IT. This has been repeated emphatically over the years but serious lapses in action show how the industry has developed a sad habit of learning the hard way. And one of the most recent casualties is UK-based electronics retailer Dixons Carphone.
Even after implementing GDPR, nearly 1.2 million customer records were accessed without proper authorization, making this one of the most high-profile data breaches of recent times.
The sad part is, this isn’t the first time the company has experienced something like this. In January of 2018, shortcomings in data security affected more than 3 million employees and customers, attracting a hefty fine of $521,689.
This case should be a wake-up call for the IT sector to adopt proportionate and reasonable measures to strengthen data security and ward off data breaches. Some sensitive areas include cloud storage, supplier relationships, and emails. At the same time, IT should take a closer look at past data breaches and glean insights for remediating and mitigating issues that led to the breach in the first place.
2. Data breaches are not just about cybersecurity
The need for insider threat assessment becomes clear from the Morrisons case. The UK supermarket chain was held responsible for the disclosure of data by a rogue member of staff, even though not much could have been done to stop the data breach anyway.
So, reasonable steps must be adopted to improve data security, including addressing the active threat posed by company employees. Apart from monitoring, auditing, and vetting, employees have to be provided suitable training and be placed under supervision.
3. Lessons learned from the Uber hack
In November 2017, Uber revealed that it had been the subject of a data breach. Details of over 20 million users were exposed and Uber failed to respond appropriately. However, this was a learning experience for IT as it exposed a lot of glaring errors in the prevalent data security processes.
Avoid using repositories to store sensitive data: The company’s software developers used GitHub, a third-party repository, to store private login data. This is a complete no-no. The role of repositories like GitHub should not extend beyond project collaboration, distribution of application versions, and bug tracking.
Don’t make the same mistakes: This was not Uber’s first data breach rodeo. In 2014, the company’s developers posted code publicly on GitHub but accidentally left a login key embedded inside. It wasn’t long before hackers found the key and stole the data of 50,000 Uber drivers.
Never trust hackers: After the attack, Uber paid a ransom of $100,000 for the data and asked the hackers to sign an NDA. But placing trust in the kindness of hackers sets a bad precedent for the IT world at large. Apparently, they did not have anyone like Kalinda from “The Good Wife” in their security department!
Avoid waiting too long: Even though the Uber data breach happened in 2016, it wasn’t until the next year that people got to know about it. This implies little regard for the trust and data of customers. Moreover, Uber affected the employer-employee dynamic by failing to guard employee data.
Never underestimate the power of customer perception: The data breach made Uber trending news and most of it was not good. Due to this sort of negative publicity, rival app cab service Lyft’s customer base expanded 7 percent, and over half of Lyft’s new riders were past Uber users.
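As an added example (not part of the original article), here is a small pre-commit style check for the first two lessons above: it flags a login key or password in file contents before they reach a repository. The rule patterns, placeholder list, entropy threshold, and sample file are assumptions constructed for illustration.

```python
import math
import re
from collections import Counter

# Patterns are illustrative assumptions, not an exhaustive rule set.
RULES = {
    "private-key-block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "aws-access-key-id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
}
# key = "value" / key: 'value' assignments whose name suggests a credential.
ASSIGNMENT = re.compile(
    r"(?i)\b([\w.-]*(?:password|passwd|secret|token|api_?key)[\w.-]*)\s*[:=]\s*"
    r"[\"']([^\"']{8,})[\"']"
)
PLACEHOLDERS = ("changeme", "example", "your_", "xxxx", "${", "<")

def shannon_entropy(value):
    """Bits per character; random keys score higher than words or placeholders."""
    counts = Counter(value)
    return -sum(n / len(value) * math.log2(n / len(value)) for n in counts.values())

def scan_text(text, path="<stdin>", min_entropy=3.0):
    """Return (path, line_no, rule) for each line that looks like a committed secret."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in RULES.items():
            if pattern.search(line):
                findings.append((path, line_no, rule))
        for match in ASSIGNMENT.finditer(line):
            value = match.group(2)
            if any(p in value.lower() for p in PLACEHOLDERS):
                continue  # documented placeholder, not a live credential
            if shannon_entropy(value) >= min_entropy:
                findings.append((path, line_no, "hardcoded-credential"))
    return findings

# Constructed sample file contents (all values are made up for this example).
SAMPLE = '''\
DB_HOST = "db.internal.example"
DB_PASSWORD = "changeme"
api_key = "q7Zp2LxV9rT4mB8sKd31WfHy"
aws_id = "AKIAIOSFODNN7EXAMPLE"
token = os.environ["SERVICE_TOKEN"]
'''

if __name__ == "__main__":
    for path, line_no, rule in scan_text(SAMPLE, "settings.py"):
        print(f"{path}:{line_no}: {rule}")
```

Reading the credential from the environment, as the last sample line does, passes the check; a key that has already been pushed should be treated as exposed and rotated, since it remains in the repository history.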
4. Lessons learned from the Facebook breach
About 87 million Facebook users worldwide were in for a rude awakening when they received word that their data had been compromised owing to a security breach. In the aftermath of the scandal, several major IT lessons came to light:
Own up to your mistakes: When assessing the overall scenario, cover every base and ensure you are thoroughly aware of the circumstances. If you find you’ve committed an error, accept it. Go up on stage and humbly apologize. Accept the blame on behalf of your team as well.
Work with accurate information: IT teams are not all-knowing. They might have to hire experts and professionals in specific fields to instruct them while making the right decision. Thus, if you have reason to believe that your team is under tremendous pressure, ask them to step back and acquire all the relevant data. Team meetings and huddled sessions play a vital role in the process. Also, be honest and maintain transparency with your team.
Create a core team: During the crisis, the entire IT sector looks to the core team. If the company is experiencing a rough time, make sure your core team stands strong and assists the whole firm in overcoming the situation. Maintain the core team, but make changes to the other teams as necessary.
5. The need for quick detection and response by IT
Gartner data reveals that almost 80 percent of security budgets in 2016 went into protection while a mere 10 percent was allocated to detection.
The other 10 percent went to response. What IT teams fail to realize is this: prompt detection decreases the cost and impact of data breaches. At least if the response is quick and careful, not all of the customer’s trust will be lost.
For the purpose of breach detection, it is necessary for IT teams to implement user activity monitoring products that seek out threats and deliver alerts to mitigate or prevent data breaches.
At the same time, it is necessary for businesses to create a proper Incident Response Plan — one that highlights the steps that must be followed during a breach, the timeline for actions, as well as the involved teams and their responsibilities.
The bigger picture
The IT sector is becoming more vulnerable with each passing day. With that said, it is time to take a step back and look at the bigger picture to effectively deal with security challenges. Only by learning more about data breaches and coming up with effective defenses can the industry hope to survive.