Judging by the huge increase in data breaches and numbers of records compromised over the last few years, there’s an argument to say that breaches have become inevitable…
Equifax has been one of the most talked-about companies in recent times for the huge data breach that saw 143 million people in the U.K., U.S. and Canada have their personal data security compromised.
The major credit-reporting agency is even used by some government authorities, and with such a high-profile case involving an international organisation that should be at the forefront of cybersecurity, it stands to reason that there is a basis for the argument that data breaches are inevitable.
Yahoo also famously suffered multiple data breaches without knowing it for years. Without appropriate data breach detection technology, many companies may not even realise they have been breached until someone tells them.
Troy Hunt, creator of HaveIBeenPwned.com, has come across a fair-share of data breaches that the offending organisation was not even aware of. Recently, picture-sharing website “I Heart It” was reportedly told by Hunt that tens-of-thousands of their user login details had been stolen years ago.
The common use of phrases like “advanced persistent threat” by breached companies creates an image of relentless hackers using complicated and sophisticated hacking tactics with unparalleled skills to gain access to data.
This could be true; but most of the time the reality involves phishing emails, “point and click” exploits and poor password protection (Equifax apparently used ‘admin‘ as its login username and password!).
It’s worth remembering that data breaches aren’t always sophisticated hackers, circling and attacking firewalls for weak spots in order to steal confidential information and watch the world burn. Data breaches include internal leaks by employees who are either ignorant of their data protection obligations or make a simple, yet devastating, mistake, like accidentally uploading confidential documents online…
Data breaches may only become inevitable if nothing is done. In a street where burglars are commonly reported, you can say with virtual certainty that leaving all the doors to houses containing thousands of pounds worth of goods unlocked will mean they’ll likely be burgled within time. Organisations must be aware that an attack may be inevitable, but a breach is not always so inevitable.
A mind-set that a breach is inevitable can give organisations a defeatist viewpoint though, thinking that, “it’s going to happen anyway so what’s the point in trying to do anything about it?”
This could be very harmful as, without any protection, organisations could face a far bigger breach and probably compromise a lot more consumer data. Organisations also needs to detect breaches quickly and disclose them ASAP so consumers can start to protect themselves.
IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.
Request a call back from our team
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.