Thought leadership, threat analysis, news and alerts.
The Hacker News team posted an interesting article, "Top Data Breaches Reported in last 24 hours".
It’s interesting because with the exception of Google’s internal data breach, I'm almost confident that other organizations on the list were convinced that their data was protected, or at least one would hope that this would have been the case.
Now, these organizations will have to invest a significant amount of time and money into investigation, remediation and ongoing protection of their infrastructure and web applications. Most importantly, they will start asking the right people the right questions, and they will begin listening and taking action.
Almost daily we hear statements such as, “My IT guy tells me that our web applications are well protected.” It does not cease to amaze professionals within the information and cybersecurity industry for one simple reason. Don’t get me wrong, most likely your “IT Guy” is the best at what he or she does, and provides your organization with exceptional customer service. At the same time, he or she most likely does not specialize in information and cyber security, period. The assumption that every IT professional, with or without the credentials, is an information and cyber security expert is false. The reasoning “if you are able to install and configure an antivirus on my computer, you must be a security expert” is wrong.
Most business leaders are smart and perceptive. They are in their roles in part because they know how to ask the right questions. Unfortunately, when it comes to information and cyber security, asking the right questions is not enough. You must also ask the right people.
I guarantee that when you have a toothache, you won’t call and go see your favorite and talkative car mechanic. You could, but I am confident that you would not be pleased with the results of your treatment.
The two main reasons that generally lead to security breaches and data leaks are: a) complete business leadership unawareness, and b) hoping that it won’t happen to you and your organization. Did you ever invest in something that was not a cure for your problem? Think for a minute… Yes, you have. At some point in your life, you purchased life insurance, and, wait, you probably have smoke and carbon monoxide detectors, and both car and home insurance. Why? Because, while some of the above are mandatory, such as car insurance, as you may lose your license while driving without it, others are in place in case something "bad" happens.
Oh wait, we forgot that your home probably has a front door that has a lock to keep your home and your family safe. If you were aware that there is a threat to your family, would you upgrade your door to a better one, with a lock that is more difficult to open? Of course you would. Across our neighborhoods, people began investing thousands in window security bars after just one rumor of a break-in nearby.
Consider this: information protection technologies, everything from endpoint to web application and beyond, are in most cases your best “door” with the best "lock" your money can buy. Provided that you partner with the right people, they will ensure that you are aware of the threats, and take a proactive approach before, and not after, your business name is headlining The Hacker News and the mainstream media.
Since we and our industry partners firmly believe that awareness is key, we are always available and look forward to answering your questions. Waiting and hoping that it won't happen to your organization are no longer your options.
Steve E. Driz, I.S.P., ITCP