Beyond a Nuisance: Data Breaches Threaten the C-Level

Today, shareholders, the press, the public, and federal regulators have little patience for organisational leaders when a data breach occurs on their watch, particularly when personally identifiable information (PII) of employees or customers is compromised.

This hasn’t always been the case.

In January of 2009, Heartland Payment Systems disclosed a data breach that enabled the theft of about 134 million credit cards, one of the largest data breaches in history. Heartland lost hundreds of customers and its share price dropped almost 80%.

But the CEO kept his job. In fact, he was praised for his openness about the breach and even participated in security best-practice discussions.

Contrast this with more recent events:

  • Debbie Wasserman Schultz resigned from her chairwoman post at the Democratic National Congress last month after 20,000 emails were leaked, several of which discussed undermining Democratic presidential candidate Bernie Sanders.
  • Home Depot is facing 44 lawsuits resulting from its 2013 data breach.
  • Sony Pictures’ CEO Amy Pascal was fired in 2015 after a data breach exposed employees’ PII and several inflammatory emails from Sony executives.
  • When the U.S. Office of Personnel Management was breached in 2015, Director Katherine Archuleta resigned under pressure. The OPM and its private contractor KeyPoint Government Solutions now face at least seven class action lawsuits filed on behalf of federal employees.
  • After the breach of the Ashley Madison site in 2015, Noel Biderman, CEO of the site’s parent company Avid Life Media, tendered his resignation.

Executive teams and boards of directors can no longer delegate responsibility for data security to the IT department. Data security is now a board-level objective.

How should management teams approach this new mandate to secure customer PII? Here are some suggestions:

  • Choose IT systems that encrypt confidential data both in transit and at rest wherever confidential content is used—even on your employees’ mobile devices.
  • Ensure that your IT organisation maintains control of encryption keys. Third-party management of encryption keys creates vulnerabilities.
  • Support two-factor authentication for critical systems and make sure your systems can automatically shut down brute-force login attempts that submit thousands of passwords to guess their way into accounts.
  • Track the distribution and sharing of confidential data to monitor the flow of content throughout your organisation – on either side of the firewall.
  • Deploy a private cloud infrastructure to ensure full control over data and services. If additional IT resources are needed, adopt a hybrid cloud infrastructure that leverages trusted public cloud resources.
  • Segment your networks so that a breach is confined to one area of your network and not the entire network.
  • Educate users about the risks of phishing attacks and other stealthy attempts to gain their credentials.

By taking a proactive approach to IT security that emphasises best practices and continual oversight, boards of directors can fulfill their fiduciary responsibility to protect their organisation’s data, reputation, and financial standing.

To learn more about Kiteworks, Accellion's on-premise, private cloud secure content platform and how it helps to prevent costly data breaches, contact Mark Heard.
