It’s been a busy time for data breaches. First in late March the database of the Philippine Commission on Elections (COMELEC) was ransacked in what could be the biggest government breach in history. And then just days later, Panamanian law firm Mossack Fonseca was attacked and 11.5 million documents leaked to the press detailing the shadowy offshore tax arrangements of many current and former world leaders.
The repercussions of these two incidents will be felt for months or even years to come. If ever there was a fortnight to remind CISOs of the value of best practice data protection, it was the one just gone. Continue reading →
Data breach stories make the news so often these days that no IT security leader can pretend to be unaware of the threat out there. If anything, the situation is getting worse, not better, with attacks becoming more sophisticated and harder to spot. If nothing else, news that TalkTalk lost 7% of its broadband customers in Q4 should focus minds on the issue at hand.
If you don’t prepare now for a potential data breach, if and when one finally hits it could have a far more serious impact on the company. Continue reading →
One of the things you’ll hear some CISOs grumble about from time to time is how tricky it can be sometimes persuading the business to release more funds. The skill of the good security chief, of course, is in translating highly technical concepts into a language the board will understand. But even so, it can be a tough sell when the end result of thousands of pounds of investment is … precisely nothing. With cyber security you’re effectively buying insurance against a damaging breach.
So it was interesting last week to see Sony declare that it spent a whopping $15 million on investigation and remediation after major cyber attack last year. It gives just a small insight into the potential financial impact of failing to adequately ‘insure’ your organisation against attack. Continue reading →
One of the curious side effects of working in the information security industry for any length of time is that, after a while, the same stories start coming round again and again. So it was last week when the government admitted that two discs full of data related to three highly sensitive police inquiries had got lost in the post. For those with long memories, the echoes of 2007 – when the personal details of 25 million Britons went missing in similar circumstances – are telling. So let’s remind ourselves again of the importance of good data handling practice and what we should all be doing to minimise the risk of a damaging breach. Continue reading →