Data Breach Immunity is a Myth

By: Arieanna Schweber | 1/5/2016

We have talked a bit this year about the dangers of overconfidence in data security. According to the Breach Confidence Index, 83% of organizations claimed to be “fairly” or “very” confident that their business was secure against a data breach. This contrasts with published statistics showing that almost half of all organizations suffered at least one serious security incident / data breach in the past 12 months alone. When you look at large organizations alone, 90% of organizations will suffer a security incident. And yet still, many organizations will feel that a data breach just can’t happen to them.

In a critical look at this phenomenon, PwC’s John Whitehall, Director of Security, gives a look at what kind of organization would be immune to a data breach:

  • An organization with no people, who often cause breaches
  • An organization with no technology, particularly with nothing that can connect to the Internet
  • An organization that does not change IT systems (which reduces some risks but also introduces others, when vulnerabilities are not patched!)

Obviously such an organization cannot exist. Knowing this, organizations need to abandon this confidence of immunity to data breaches. Overconfidence leads to complacency in security preparedness, just as when organizations assume that “compliant” is the same thing as “protected,” which it is not.

Assume you’ll be breached. Know all about your data, how it’s being used and by whom, and have a ready plan of action should a security incident occur. Organizations that create a culture of securing data, that implement ongoing awareness of data security risks coupled with policies and well-thought-out layers of protective and responsive technologies, are the ones that can say, “Yes, we feel confident about our security, but we also know mistakes happen. We’re prepared.”

Absolute can help you identify potential security threats and respond rapidly before they become damaging security incidents. Absolute Data & Device Security (DDS) allows organisations to persistently track and secure all of their endpoints within a single cloud-based console. Computers and ultra-portable devices such as netbooks, tablets, and smartphones can be remotely managed and secured to ensure—and most importantly prove—that endpoint IT compliance processes are properly implemented and enforced. Learn more here.

Financial Services