Cyber security mega-breaches on the horizon?

By 17/01/2019 Opinion

Security breaches typically with vast cost to a company. Even a mid-size organisation can rack up multiple millions to rectify damage from just one breach.

Data breaches are even more expensive, triggering sudden lack of trust in customers, which can take years to regain. Depending on location, fines can add to the cost. In the UK, for example, the ICO (Information Commissioner’s Office) is sharpening its claws, preparing to fine offending companies, punishing them while swelling the Treasury coffers.

Smaller, but significant, breaches may not even hit the headlines

In 2019 we will see more mega-breaches. It is likely that this will, ironically, mean that smaller, but significant, breaches may not even hit the headlines, to some extent “normalising” the event.

With all the cyber security available there is one weakness that cannot be managed by automation: people. People will continue to make mistakes and people will continue to be repetitive and lazy in the way they do things.

The biggest threat, however, is not the individuals that form a user or customer base – it is the apathetic approach of many business leaders, the belief that “it” won’t happen to us”, because they have the latest cyber security system. Cyber security systems are all very well, but is naïve to over-rely on them.

They only have to be lucky once

Hackers will always be one step ahead. They know what they are going to do and how they intend to break in. As with terrorists, hackers just need to be lucky once, whilst the authorities need to be lucky every time.

Yes, businesses should have software with the best bells and whistles, but their security professionals will next year need to actively go on the attack, and be more vigilant than ever in analysing the latest hacking trends.

An Intelligence led approach to Cyber Security is required for 2019.

Ask questions like:

So what?
How are they going to hack into your system?
Why they would want to steal your information?
Who will want to hack into the system?
What do we do to stop them?