Wednesday, November 22, 2017

When will the Hacks Stop?


Adding to the controversies Uber has been pulled into since its inception as a ride-sharing company, Uber recently revealed that around 55 million customers and 600,000 drivers were hacked. The breach was publicized a year after it occurred in October of 2016. The information that was hacked includes names, emails, phone numbers and license numbers of Uber users.


Similarly, in September Equifax revealed that information including social security numbers, names, and dates of birth of more than 146 million Americans was hacked from its systems. In addition, a few weeks ago Yahoo announced that more than 3 billion accounts were hacked back in 2013. Yahoo came forward with this information in 2016, three years after the initial hack, only to underestimate the number of accounts that were hacked by 2 billion. At this point, there is a possibility that any American who regularly uses the internet has been hacked in some shape or form.

Management at these companies neglects to inform customers immediately when these breaches occur. When Uber initially discovered the hack in 2016, it paid the hackers $100,000 not to publicize it, so that Uber could deliberately construct a plan to fix the issue before it became disastrous. This creates public distrust, because the company does not take responsibility for the lackluster security measures that are prevalent within it. The main reason companies tend to delay informing the public is so that top management can secure financial benefits before lawsuits and investigations are ordered.

But how can companies become more risk averse and implement security controls that protect consumers’ private information?

In light of all the breaches that have been announced this year, more companies are hiring third-party security monitoring firms that assist with risk mitigation and monitor for vulnerabilities and threats within the organization.

How can companies reduce the risk of data breaches? After further research, I came across one company that focuses on providing enterprises with data loss prevention services. Its website lists these four key points that could help any company increase cybersecurity:

  1. Focus on risk mitigation versus compliance requirements
  2. Build and maintain a comprehensive inventory of sensitive assets and data
  3. Focus on implementing solutions to protect data and monitor for data loss at the “data layer”
  4. Consistently execute the security fundamentals

These key points, if implemented, can do much to protect the assets and data of organizations and greatly reduce the risk of a potential breach. Consumers, in turn, can feel more secure when using the various services offered by these companies, without the worry that their information could be hacked.

What do you think are important measures companies could implement to mitigate the risk of a potential breach?

2 comments:

  1. This is a great article. Cyber breaches are a result of poor security measures, and Equifax, like many other companies, including Target and Home Depot in the past, has chosen to overlook a proper cyber security structure. Many companies fail to implement basic guidelines like multifactor authentication, and many a time the breaches are the result of poor security habits of the employees.
    Cyber Culture:
    Many experts give a very important recommendation concerning cybersecurity, and that is to create a cyber culture. As technology continues to grow at an exceedingly fast pace, it brings along many negative aspects that every technology user needs to be prepared for. Individuals should be taught about cyber culture in pre-university curricula, so that they develop good online hygiene and learn about cyber security.
    Wi-Fi Use:
    The best practice in this case is to use a secure company network, avoiding public Wi-Fi. Also, a virtual private network should be used every time an employee accesses confidential files in a public space. Another important practice is to issue company laptops to employees that only function for office work and do not entertain any social media or personal use of the device.
    Cyber Insurance:
    It is key for every company to have cyber insurance in today’s world. Ransomware attacks happen every 40 seconds and have tripled over the past year; this only proves the point of increasing the in-house security of a company and then going further by getting insured. Being a victim of a cyber-attack can strain a company’s financial resources.

    1. Hi Angad, I definitely agree with your take on why companies choose to overlook cyber security. We have learned from the Equifax case that there is usually a monetary benefit that is regarded for not involving cyber security experts to include cyber insurance for their companies. Employing cyber insurance would very much save these companies from primary and secondary losses associated with breaches.

      Your recommendations are also really good ideas for companies to enact to increase cyber security in addition to the ones I listed in my tech briefing. Thanks for sharing :)
