By
Gigabit Systems
November 18, 2018
•
20 min read
From year to year, cybersecurity attacks continue at an exponential rate. In fact, the Identity Theft Resource Center reported that U.S. data breaches increased by 44.7% since 2016. Each and every business can learn from the shortcomings highlighted by specific 2018 cyberattacks in order to strengthen and progress their cyber-security. Below are three lessons to consider applying your business’s cybersecurity strategy and how other companies learned them by example.
Securing Your Security Department: Why Evaluation Measures are Viable
Earlier this year, Panera bread suffered from a data breach that leaked millions of customer records. The attackers captured this information from individuals who had placed their orders online. To make matters worse, the journalist who broke this story (Brian Krebs) was dismissed by the company’s information security team. In fact, the team deemed his findings as a “scam” when initially presented with them in August of 2017. Little did they know that eight months later, the company would need to take their website offline to patch the issue once and for all. Estimates reveal that 37 million customer records were compromised from this breach.
Don’t wait for a cyber criminal to attack. Contact Gigabit Systems today.
This case study ultimately revealed the flaws of Panera’s security approach. Although the company had an entire department devoted to implementing their cybersecurity strategy, the team failed to effectively identify an imminent threat in a timely manner. Had the company placed evaluation measures to assess the department’s approaches and measures, perhaps they would have mitigated some of the damage associated with the breach. Moving forward, businesses can evaluate their cybersecurity strategy by involving a third party. Involving a neutral, third party insight increases the likelihood of uncovering shortcomings that have internally gone unnoticed. Identifying and attacking these gaps through regular, scheduled security tests should be considered for all businesses looking to up the ante with their evaluation measures.
Keeping it Consistent: The Importance of Third Party Vendors
To elaborate on the topic of third parties, it should come as no surprise that a vendor’s strength should mirror their client’s. For example, Delta Airlines, who outsources some aspects of their customer service engine to an online chat services platform known as [24]7.ai, was forced to notify thousands of customers that their sensitive information had been exposed. This information almost exclusively was limited to payment information that customers had shared via the [24].7ai platform. Other companies who contract with [24].7ai, including Best Buy and the Sears Holding Corporation, also announced that they had customers potentially affected by this same breach.
To share your business’s data and services with another is to share the same values. For this reason, the security controls and measures of your vendors should be of the same or greater quality of your own business. As we transition in 2019, one important strategy to take away from this 2018 incident includes understanding how your vendors implement cyber security. Businesses should read up on each of their provider’s security protocols, and how compatible these are with your own team’s.
Maintaining Cyber Security
With data breaches showing little-to-no sign of slowing down in 2019, we’ve now approached a pivotal moment in cyber security. Within your business’s networks, ask yourselves - we have a strategy, we have an understanding of the issue, but how do we maintain its effectiveness? Overall, the data breaches of [24]7.ai and Panera Bread emphasize the need for quality control and maintenance in cyber security. Cyber security is no longer a foreign concept in 2018; it is reflected in security approaches across all industries and all markets. In sum, keeping these approaches effective and useful requires robust evaluation measures and value consistency when working with third party vendors.
Learn more about the latest in cyber security by subscribing to our blog; https://www.gigabitsys.com/news