Letter to the Editor: Lessons from the Kiddicare Data Breach

Dear Editor,

It is not surprising to hear that another business has suffered the fate of a data breach, and unfortunately, at the point when a business discovers it has been compromised, the damage is usually already done. Learning from the recently disclosed Kiddicare data breach, it is imperative for businesses to understand that it is not enough to solely rely on Information Security teams to advise if a breach has occurred.

Research publicised this week from the Cyber Security Breaches Survey 2016 revealed that 65% of large firms have detected a cyber security breach or attack in the last year; with 25% of these businesses experiencing at least one breach per month. However, the reality is that these figures are merely scratching the surface. Whilst the public usually focus on the high-profile data breaches, the truth is that so many more data breaches go by undisclosed, to save both reputation and future business. These attacks are happening on a daily basis, and businesses usually only find out that a breach has occurred once their customer data has been sold and their customers become the victim of targeted phishing attempts.

What these figures really show is that normal cyber defences are no longer enough. How many more data breaches will it take before businesses start to make changes? Companies must be proactive and test the security of the whole business – from the perimeter all the way through to employee awareness training. Put simply, taking a proactive stance in relation to Information Security is the only way that companies are going to stop these hacks from happening.

Tony Sweeney, Cyber Security Director for the KCS Group Europe