Are Companies Prepared Enough To Respond To Data Hacks & Breaches

Though most organisations have cyber-security systems in place, the effectiveness of preventing potential incidents is highly questionable.

It seems the media is portraying how companies are becoming increasingly less prepared in the event of a cyber-attack. For the most part, their cyber-security seems to be reactive rather than proactive. However, this theory may not be completely unfounded as the Global CISO study shows that 78% of Chief Information Security Officers (CISOs) are worried about their ability to detect breaches in the first place.

Shocking figures

IT security spectator, Sue Marquette Poremba, believes that:

“…too many organisations are unprepared for when that incident does happen and spend a lot of time reacting to the aftermath.”

I agree with Sue on this point, but I do believe the general unpreparedness of companies and organisations applies post cyber-attack too. This is supported by the Global CISO study where 300 CISOs were surveyed and only 19% of chief executives said their company is highly effective at preventing security breaches. It’s even more surprising that 81% of CISOs are highly concerned that breaches are going unaddressed – this means that more than 8 out of 10 companies may be aware that breaches are happening, but they may not have an effective plan in place to respond to the breach. This is backed up by the fact that another 78% of CISOs said they were concerned that they don’t have the capability to even detect a breach. If this is the problem, it’s not surprising that the breaches aren’t being acknowledged.

The following figure may be surprising to some, but it doesn’t surprise me anymore: 1 in 10 CISOs admitted that their company experienced a ‘significant breach’ within the past 3 years that resulted in financial and/or reputational loss.

NHS hacks and breaches

A good example of this is the recent NHS hacking scandal. The NHS systems are renowned for being outdated as many are still operating on Windows XP. According to a report from the Big Brother Watch, the NHS Trusts are reported to breach patient confidentiality SIX times a day. This accumulates to 7,255 breaches between 2011 and 2014.

In March, there was another legitimate scare when 26 million medical records were found to be unsecure. This was because GPs were using an “enhanced data sharing” IT system called SystmOne, which allows local hospitals access to these records; something which can be essential in emergency care. But this also meant that the records could be accessed by thousands of employees across the country, and there should’ve been a system in place where only authorised personnel could access the files.

Growing concerns for the NHS in the digital age

There are growing concerns as the NHS digitises its records. This arguably places millions of patients and their records at risk by putting them online where cyber-criminals can try and use any strategic method to steal this data.

The recent hack of the NHS shows they were unprepared, with 47 NHS Trusts affected by the WannaCry ransomware attack. Their response plan was to just shut down the majority of the systems so the attack couldn’t spread, and the NHS didn’t seem to have a plan to prevent the hack from crippling the system. If it wasn’t for the anonymous cyber-security expert, MalwareTech, who killed the malware, I can’t imagine what kind of damage the ransomware attack could’ve caused…

Take home message

This should drill in an important message to CISOs and their companies; prepare effectively so you can respond effectively. Ensure you have the right security measures in place and you have a crisis plan in place to guide employees when you suffer from a cyber-attack…

Sources:

http://www.itbusinessedge.com/blogs/data-security/cisos-admit-they-are-unable-to-keep-pace-with-data-breaches.html
https://www.servicenow.com/content/dam/servicenow/documents/whitepapers/wp-ciso-globalstudy.pdf
http://www.nationalhealthexecutive.com/Health-Care-News/nhs-breaches-patient-confidentiality-six-times-a-day
http://www.telegraph.co.uk/news/2017/03/17/security-breach-fears-26-million-nhs-patients/
https://www.theguardian.com/healthcare-network/2016/jul/01/nhs-seeks-cure-costly-digital-headache
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

Start Your Claim

You can call our claims team free from a landline or mobile on 0800 634 7575 or click on the link below to create a call back with one of our expert Data Claims team.

Create A Call Back

Information on how we handle your data is available in our Privacy Policy.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.