Data breaches are up 75% in two years, according to a report from the Information Commissioner's Office (ICO). The report, which used data gathered under the Freedom of Information Act, found that most data breach cases involved human error in some way. The following security experts offer their insight:
“This level of increase comes as no surprise, and correlates well with the security practices we encounter when working with our clients. The most secure companies we work with today have put a clear focus on creating a “culture of security awareness” that extends beyond the obligatory security and privacy training. These organizations have made security a key element in a variety of everyday tasks – from how meetings are conducted to employee performance reviews. When this approach is combined with appropriate technology, the organization can keep better control of their information without focusing on “who is responsible for the data breach.”
The impact on business and reputation has been well publicized, but many organizations are not making the investment required before an unfortunate incident occurs – in spite of GDPR. In fact, we see early signs that theft of “low value” data suddenly becomes “high value” when the attacker turns to blackmail with stolen information. The victim feels compelled to pay just to avoid the GDPR penalty.”
Mayur Upadhyaya, Managing Director, EMEA at Janrain:
“The emerging trend that is highlighted in the Kroll analysis and request for information from the ICO is the level of human interaction required in the processing of personal data. This trend will only be on the rise post-GDPR with the potential number of Subject Access Requests that will be manual processes. The combination of paper processes, security solutions built in-house and legacy shadow IT does create a perfect storm. For instance, when dealing with call centres we still rely on knowledge as our primary source of identity resolution – this level of information can be found quite easily online. Organisations need to find more robust methods for storing customer identity and profile data. Once these types of solutions are in place, augmenting them with automation and anomaly detection becomes more actionable.”
“Contrary to the popular belief that cybersecurity and data breaches are all due to malicious attackers trying to break into an organisation and steal data, inadvertent human error is likely to be the biggest reason why a company loses data. As humans, we naturally fixate on the scary things which are unlikely to harm us (e.g. sharks in the sea), but don’t think twice before we get into a car and drive to work (statistically one of the most likely things to cause us harm) — this also applies to information security, where companies routinely underestimate the risks from processes that seem safe (emailing) but can be catastrophic when humans make mistakes. Misaddressed emails are consistently one of the main forms of data security incident reported to the ICO, highlighting the importance of cybersecurity and data protection policy not only focusing on preventing the headline-grabbing hacks but also saving your employees from themselves.”