Breaches Are The New Norm

Post by Mike KnappIncrementa. Originally posted to Incrementa's blog.

I was having a great chat with the CEO of a financial firm shortly after the Equifax data breach. He asked me if I was surprised by breaches like this one.

My answer was, “sadly no.”

Why? We’re in an incredibly awkward and painful time where breaches are the norm. It’s like being a teenager, with zits and bad decisions all over again.

As a teenager, our bodies and minds were under constant assault and we didn’t always have the right tools to manage it. Hormones, crazy growth spurts, bad external influences (both friends and greater threats). We didn’t have the right experience or sound decision making processes, so we’d often fell prey.

When it comes to security, most companies are in the same place. We’ve emerged from relative safety into a highly-connected world, currently dominated by predators. And we’re woefully unprepared.

As a teenager, we got our first job and some simple responsibilities. If you screwed up and lost your job, it wasn’t a big deal. Unfortunately, companies aren’t being given the same easy introduction.

Companies are responsible for a massive amount of information, including personally identifiable information, financial data, and a ton more. Forget a “little responsibility”- it’s like your first job being the CFO instead of the fry-cooker.

Just being the custodian of that data wouldn’t be an issue, except for the fact that we’re at war. Our enemy would do anything to get access to our data – after all, it’s a hugely valuable commodity. Our attacker has become sophisticated enough to match any Silicon Valley startup, with the financial backing to have the best tools and skills available.

A teenager vs highly sophisticated criminal startup? That’s why breaches are the new norm.

There are no “safe companies” out there. For every company that discloses their breaches, there are dozens who don’t.  Small business, large business, or government, it makes no difference. Some are easier to hack and there may not be as much to gain. Others are harder, but the reward is much greater.

I’ve jumped on my soapbox and preached about how we’re at war and it’s time for companies to grow up and take security very seriously.

This doesn’t mean spending 10’s of thousands of dollars on fancy security software and IT consulting. It means coming up with the right sustainable security practices for your business. Reduce the risk to where you’re comfortable because 100% reduction isn’t possible.

If your team would like assistance preparing for breaches and incident response, we can help. Contact us if you need assistance. We have a team of experts with a ton of experience helping organizations improve breach readiness and response.