JP Morgan, Home Depot, Target, Kaiser Health, Adobe: All Big Data Breaches
My day job is a partner of GFI Software. Each day I speak to IT admins from very small to very large companies in North America. My focus is on patch management, network vulnerability scanning, Windows event log management, securing network endpoints, and W3C log management, as well as web security and email security.
Even today I get calls from small banks and credit unions after they fail a bank audit.
Today, most reporting about a data breach places the blame on some mysterious group of hackers who broke into a business network and stole customer data. This takes some of the heat off the victim. However, I ask you: have thieves not been around in one form or another since the beginning of time? Bandits and robbers have always been around.
Much of the blame in this case must be placed on those we trust to keep our data safe.
#1 Many companies fail to properly invest in network security tools. Far too often it is the CFO who makes the final decision. Unfortunately, too many times the purchase of network security improvements is put on hold for budget reasons. Too many CFOs consider data security an expense rather than an investment.
#2 Poor practices in patch management and in applying a layered security approach, by undertrained, understaffed, and underfunded IT departments. There is little or no training for employees on data security or security best practices.
#3 Little or no investment in working with network security consultants. Many companies rely on their admins to navigate a seemingly incomprehensible set of data security standards, then expect them to protect the business and its customers using the cheapest possible methods.
#4 Even large companies do not have a plan in place to prevent data breaches to begin with. It is only when they find themselves on the evening news that they begin to realize the error of their penny-pinching ways, because only then do they lose money and customers.
#5 Thanks to a mishmash of federal and state laws, the penalties for a data breach may be little or nothing. For example, banks only have to report a data breach or online intrusion if it is deemed to result in a financial loss to customers. Breach notification laws vary state by state.