Tuesday, June 3, 2014

Uncertainty, risky first half of 2014...the year of the hack?

Pushing the buttons of millions of individual Americans is the fact that their accounts have been hacked, according to Larry Ponemon at the Ponemon Institute in a study conducted for CNN Money. Ponemon's study gauged that 47% of adults had their accounts hacked during 2014, which may soon become known as "the year of the hack". That's just about half of all adults in the United States.

The fascinating numbers come on the heels of the Target breach, which we have been discussing on this blog, and don't include the millions in the latest eBay breach. It's raining on the American public as millions of personally identifiable information (PII) records are exposed. Here are the facts and figures Ponemon and Jose Pagliery of CNN have dug up for CNN Money:

"Cyber attacks are growing so numerous that we're becoming numb to them. Researchers at IT company Unisys (UIS) say we're now experiencing "data-breach fatigue." Even the most recent numbers make for a dizzying list:

More numbing than the facts and figures presented by the Ponemon Institute for CNN Money is the fact that the industry as a whole has not adopted better, well-known security practices. Need I go on? For ten years industry has been digging a hole deep in the sand and sticking its proverbial head in the hole. See my blog post on accountability.

Let's not blame it on companies looking at profits; after all, isn't that why companies are in business to begin with? However, we too pause when companies select tactical gains to satisfy quarterly earnings statements, and maybe to make themselves look good, as opposed to the overall strategic growth and health of a company or corporation. Read: responsibility to shareholders and company employees. To some extent the risk vs. reward discussion will come up, and when it is presented executives will nervously select profits. Until boards reflect the knowledge, skills and abilities necessary to make both tactical and strategic management decisions, we will continue to see the deep decline and clearly the never-ending "year of the breach". Operational executives will respond in kind when boards of directors begin to ask the thorny questions, which should focus on the strategic growth of the company. Employees will then be motivated and hear the clarion call from on high when the CEO comes back from the board meeting and says they want more security and assurance before we can bring that function on board: who certified that code, who tested it, and who is taking ownership of the relationship with the software team?

Here's hoping that the second half of 2014 is the year of boards of directors active and attuned to what is going on not only in the front office but in every office. That function continues to thrive and work closely with, if not right next to, the security team. That multi-factor authentication is used not just for outsiders, but for insiders as well. That outside relationships are clearly defined and SLAs (service level agreements) are scoped out to protect both the vendor and the company. That data which can be held in a planet-sized computer terminal or a tiny smartphone is protected and preserved, because we should all enjoy a level of privacy. That when we buy the state-of-the-art upstream gadget that detects attacks, and when alarms go off and people start screaming at the top of their lungs, someone will listen and will have been properly trained on the use of the gadget, and that it is properly configured. All very hopeful that the year end will be better than the start. The future is now before us. Let's see how we do!

Good luck everyone!
