Blog / Are the Hackers “Winning”??
It seems that Data Breaches are happening more and more often. These days when I go through the news it’s hard for a week to go by without someone reporting they’ve lost data. For instance:
Heathrow Airport fined £120,000
Vision Direct loses Customer credit card information
This didn’t used to be the case, so what’s going on? Are Breaches happening more frequently? Are the Hackers “Winning”??
I decided to see if I could find some answers.
The “haveibeenpwned” website maintains a Database of hacked User Information found by Security Researcher, Troy Hunt.
I did a search of all the Breaches that are stored in his Database, which you can do yourself, by going to the following site: https://haveibeenpwned.com/PwnedWebsites
2017 saw a total of 161 Breaches added.
2018 has only 131 added so far.
The year’s not over, but overall those numbers are pretty close.
While this is certainly not conclusive, it is strong evidence that seems to say that Breaches are no more common now than they used to be. What’s changed is that there are now Regulatory Requirements forcing companies to make this information public.
Historically, Breaches have been something that companies would not disclose or make public. Only in situations where the data was extremely important would they respond with any level of urgency or Public Announcements.
A prime example of this behaviour is the EQUIFAX Breach. At the time, there was no regulatory requirement to make that Breach public in any way. This is most likely the reason they didn’t announce the Breach for more than a month after it was discovered.
Even after that delay, it’s clear from their response that they had no plan in place on how to handle a Breach of important data. That on its’ own, is a very telling thing. Failure to plan for a catastrophic event means that there was a massive oversight internally, or they simply refused to acknowledge that this sort of thing could even occur in the first place.
Any organization that does not have a Policy on Breaches is essentially them believing that they will never be breached. That’s a great position to take, if you enjoy gambling. If you’re right, then that’s one Policy you never needed to expend the effort in creating in the first place. What if you’re wrong? It could result in losing everything. The new Legislation in Canada (and other countries) allows the CEO to be sued DIRECTLY, when a Breach happens!!
Spend the time to come up with a reasonable plan. It’s not like doing so takes a long time. It demonstrates a realistic attitude, and could prove to be a useful defense in Court, should you get breached.
If you have any questions about preventing and handling a Data Breach, you can always reach out to your TRINUS Account Manager for some stress-free IT.
Your Friendly Neighbourhood Cyberman.