Many, if not most, of the data breaches throughout 2016 could have been avoided with the correct people, process, technology and most importantly culture in place. This is the opinion of Phil Bindley, CTO of Cloud Services Provider (CSP) The Bunker, who argues that the biggest security threat for organisations in 2017 will be a complacency towards good security hygiene.
According to the 2016 Data Protection and Breach Readiness Guide, 93 per cent of breaches in 2015 could have been prevented. Despite this learning, breaches continued to take place throughout 2016, including some of the largest scale hacks in history. These ranged from the Panama Papers data leak, which saw Mossack Fonseca lose 11.5 million files after hackers breached its systems, to – more recently – the breach of Daily Motion whereby 85 million user credentials were compromised.
For Phil Bindley, in order to significantly reduce the occurrence of data breaches and to prevent this trend from continuing as we move into 2017, organisations need to start to look at everything through a lens of data security.
He explains: “The sheer number of data breaches throughout 2016 has led many to believe that falling victim to a hack is no longer a matter of ‘if’ but ‘when’, as the adage goes. However, many of these incidents could have been prevented. The problem here is that, all too often, the responsibility for security starts and ends with the IT department, meaning that these incidents continue to occur. Either senior management staff are ignorant to the importance of good security hygiene, or information security professionals are failing to communicate the message.
“Data is the most valuable asset of an organisation, from the Intellectual Property (IP) on which their businesses are built, to the Personally Identifiable Information (PII) that they hold on behalf of their customers. Therefore, everyone in an organisations must be thinking about what they do on a day-to-day basis to protect this. It simply doesn’t make good business sense to do otherwise, especially considering that the deadline for compliance with the General Data Protection Regulation (GDPR) is approaching, where companies will be subject to large fines for failing to keep personal data appropriately secure.
“While breaches will continue to take place as hackers become increasingly advanced in their tactics, the severity and frequency of these can be dramatically reduced. Organisations must incorporate a culture of information security in all aspects of a business. It’s not about building a bigger firewall, it’s about a complete shift in attitude towards cybersecurity. This new culture has to come from both the top-down, and from the ground-up; it’s a form of behaviour that flourishes when people believe it is the right way of doing things and not simply a box-ticking exercise.
“This ethos extends to every facet of an organisation, including the supply chain. To this end, companies need to oversee all aspects of their outsourcing arrangements to ensure they provision third-party services from a provider who offers the utmost cyber resilience and transparency. After all, information security empowers businesses to be more competitive, manage risk, protect their brand and allow innovation in a controlled manner, therefore there’s a significant benefit to be had from working with a Cloud Services Provider (CSP) who values security,” concludes Bindley.