The Consequences of a Data Breach
The consequences of a data breach may signify not only the loss of millions to a business organisation but, above all, damage to the business itself in its relationships with its clients.
A serious data breach leads to grievous consequences
This is evidenced by the recent shutdown of the offshore law firm Mossack Fonseca. The media siege around the organisation, the collapse of its reputation and the aberrant activities on the part of Panamanian authorities amounted to what the company itself termed “an adverse business environment”, leading to its ultimate decision to cease all operations. This news comes almost two years after the organisation was catapulted into the spotlight when it was revealed to be at the centre of the Panama Papers breach, which linked more than 214,000 offshore entities to some of the world’s most powerful and corrupt people, including 12 current or former heads of state and 140 politicians, and also led to the resignation of the Icelandic and Pakistani Prime Ministers at the time.
Another institution that fell heavily out of favour with its patients and clients in May of 2016 was the NHS Trust that saw one of its clinics become a focus of public anger when it accidentally leaked details of almost 800 patients and attendees of HIV clinics in a group email newsletter, in which recipients were supposed to be blind-copied. The Information Commissioner’s Office described this action as “a serious breach of the law” and the clinic was consequently fined £180,000. Despite an apology from Medical Director Zoe Penn, which stated that the clinic was doing its utmost to remain in contact with the affected individuals and to update them on all necessary actions taken to prevent them and others “being put in a similar situation in the future”, the incident dealt a critical blow to the reputation of the NHS.
The Year of the Hack
The year 2011 was referred to as the “Year of the Hack”, as several reputable organisations such as Sony, RSA Security and Citigroup, as well as governmental websites and smaller firms, lost considerable sums of money to unforeseen cyberattacks that succeeded because of their lax security measures. These vulnerabilities led the companies not only to suffer major financial damage but ultimately to lose their clients’ trust, and with it their high standing and their ability to hold a bigger piece of the market share.
Sony was hacked between April and June of 2011 and had 77 million accounts affected in what is reputed to be “the worst gaming community data breach ever” as the valuable information stolen consisted of full names, logins, passwords, emails, home addresses, purchase history and even credit card numbers.
US research group Stratfor was hacked by members of Anonymous, who went on to publish private information from 4,000 clients and then threatened to disseminate about 90,000 credit card accounts. Stratfor’s prestige hit the darkest pits when the attackers announced that the research company was “clueless… when it comes to database security”, with a report later stating that Stratfor’s losses reached the $2 million mark.
Although no account information was exposed when AT&T Carrier was hacked in 2011, the money stolen from the company was used by Al Qaeda to fund terrorist actions in Asia, with further reports stating that AT&T had to refund its customers a total of almost $2 million in damages.
Cyberattacks and business impact
Emily Mossburg, Principal at Deloitte Risk Financial Advisory, states that CEOs and other C-suite executives in business organisations and major institutions do not seem to acknowledge the real losses their organisations incur from cyberattacks. Beyond the millions and billions that may be lost in financial damages, most companies do not consider other hidden costs, such as intellectual property that could go missing in the form of trade secrets or strategic documents. Other hidden costs could include insurance premium increases, increased costs to cover debt, operational disruption or destruction, lost value of customer relationships, the value of revenue lost through lost contracts, and depreciation of the trade name.
Mossburg highlights the continued importance of understanding evolving vulnerabilities and how the threats behind adversaries’ operations develop, since these can have a high business impact. That understanding unfortunately seems to be “sorely lacking” in the discourse among the owners and chief operators of businesses. What business organisations may not be aware of is how well funded hackers are, how sophisticated the tools at their disposal are, and that their motivations go beyond stealing money and data to completely disrupting a whole business system through the sophisticated AI structures they deploy.
Mossburg said that even though technology allows for more vigilance and the potential to respond more quickly to threats, the issue does not revolve solely around technology: business elements are at stake and need to be at the forefront of the discussion.
Implementing the appropriate cybersecurity measures
To have the right cybersecurity procedures in place, business organisations require suitable critical investigation tools, controls and recovery capabilities, as well as access to the appropriate forms of crisis and communication management needed to handle legal obligations and brand security.
A wide variety of intelligence sources is important for countering emerging attacks and adversaries. Attack and product intelligence is deployed to mitigate the tools, techniques and procedures used by hackers against the business organisation, and this kind of intelligence serves the purpose of identifying what adversaries are after. Irrespective of the system used by the business organisation, incident response caters to the threat and the environment surrounding the company.
The implementation of adequate cybersecurity methods makes it easier to identify ongoing or past intrusions and to carry out a risk assessment once weaknesses in the business organisation’s security structure, vulnerabilities, improper usage or policy violations and system misconfigurations have been identified.
Consultancy and education services on cybersecurity are offered by CyberSift to boost the operational skills of the business organisation’s team and improve their competence when it comes to evading, detecting and responding to cyberattacks.