Don’t Let Data Breach Fatigue Cause Dangerous Cyber Security Complacency

Effective cyber security is a constant cycle

Effective cyber security is a constant cycle

With retail giant Home Depot finally putting numbers to the largest compromise of customer credit card information in history this week, and yet maintaining steady sales numbers this quarter and a positive growth forecast for next year, cyber security complacency can become a real danger. GDF’s founder discusses what the ugly side of a data breach can look like to businesses that are not giants in their respective industries and the importance of constant vigilance.

Massive data breaches the new norm?

Earlier this week, Home Depot revealed that up to 56 million of their customers may have had their credit card information pilfered by hackers, surpassing the 40 million Target tallied late last year, spawning a slew of headline articles like this one published by Bloomberg on September 18th, but those weren’t the only eye opening numbers.

“Most people tend to focus on how many credit card numbers were stolen, almost like it’s a way to score a game,” says Joe Caruso, founder and CEO/CTO of Global Digital Forensics (GDF), a premier provider of cyber security solutions for businesses, “but the numbers that should really be seeing the spotlight more are the ones that put dollar signs to the costly aftermath of a successful breach.”

According to the Bloomberg article, Target estimated that as of August 2nd it had spent $146 million in expenses directly related to the massive breach they suffered during last year’s holiday season.

“Sales dipped, trust and integrity took a beating, and their bottom line was obviously heavily affected. But this time the tune is playing a bit differently, Home Depot’s numbers and projections seem to be rolling on like it was just a relatively minor blip on the radar, with their shares actually ticking up by a percentage point since the revelation about the breach first came to light at the beginning of this month. What concerns me is that both consumers and businesses may be getting numb, as in desensitized, to the crippling and costly aftermath a successful breach can have on any business,” warns Caruso.

Survival of the deepest pockets

“In March of last year, the U.S. House Small Business Subcommittee on Health and Technology conducted a study which determined that nearly 60% of all small businesses that were victims of cybercrime closed their doors within 6 months. That is the reality most businesses face still today. Weathering the storm to the tune of almost $150 million like Target has is just not in the realm of reality for small to mid-sized businesses, and it’s enough to fatally choke even some of the largest. Home Depot expects a little over $60 million in expenses related to their breach this year alone, with their insurance company flipping almost half that bill, but they are huge, so they can absorb numbers like that and keep the wheels turning. They can afford credit protection services for almost 60 million cardholders, they can afford the insurance spike sure to come, and they can still function though the black eye because they will still have throngs of loyal Do-It-Yourselfers, contractors and handymen coming through their doors. But if your business isn’t on that top rung of the ladder, the fallout of a data breach could easily prove too much to bear. That’s why becoming complacent because you see these headline-making superstores survive breaches and stay open is such a danger, it’s apples and oranges compared to the devastation a typical business can face,” says Caruso.

Staying on top of the basics is paramount when it comes to cyber survival

“While having antivirus and anti-malware solutions always up and running should be a no-brainer for everyone “plugged in” to the digital world today, there is a lot more to having the basic bases covered,” says Caruso. “You need to have regular vulnerability assessments performed to zero in on what threats are most likely to affect you. Every organization has a unique data environment and needs to know what threat vectors pose the most likely threat, and since technology and threats both continue to evolve rapidly, regularity is important. Next you need to identify the weak links in your particular security chain, so regular penetration testing goes hand in hand. We take on the role of real-world hackers and shine a light on your weakest points, whether in may be insider threats, all those new mobile devices many businesses are relying on more every day, outdated and/or unpatched software, social engineering like phishing or spear phishing campaigns, or even zero day exploits that have not been reported, documented and patched yet, we cover it all. And then there is probably the most important element, having an effective emergency incident response plan, preferably with experienced emergency responders in the loop ready to jump into action immediately at the first sign of trouble. We have strategically positioned emergency responders across the country on call 24/7 so that our response time is unrivaled in the industry, and many times we can start the process of identifying and stopping the attack remotely from one of our attack centers, But if boots on the ground are required, we’ll have them there within hours, not days. We can not only help clients beef up and modernize their emergency response plans and procedures, we can even help clients create them from scratch if none exist, and that will go a long way to alleviating many of the headaches and pitfalls organizations face when dealing with regulatory compliance issues so many industries face, from financial institutions and healthcare providers, to retailers and universities. We’ve seen it all before and have that experience, so all you need to do is make the call and let us help you get and keep all your ducks in a row.”

Customized security solutions for the uniqueness of every kind of client

Global Digital Forensics is a recognized industry leader in the fields of computer forensics, cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a cost-effective plan which will meet your unique needs, without wasting resources on solutions you simply don’t need. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit our cyber security page.