When companies have to reveal security breaches, will it be carnage out there?

Written on February 8, 2017 in Opinion

According to John Chambers, now Executive Chairman of Cisco, there are two types of companies: ‘those that have been hacked, and those who don’t know they have been hacked’. He actually said this some time ago, and it is becoming more and more relevant.

With impending regulation that will force companies to reveal security breaches – at least to supervisory authorities – the news may make for very nervous reading.

While telcos seem to be rising to the challenge, with forward-thinking companies such as Deutsche Telekom seeing the opportunity to provide their customers with that extra layer of security (and therefore increasing the trust of those customers), banks are not faring so well.

This comes as no surprise to the cynical hacks at DisruptiveViews who have been bashing their heads against the concrete walls of banking legacy for years now.

What is worrying is that, according to a new report by Capgemini, ‘only one in five (19%) UK financial service organisations are highly confident they can detect a data breach’. This figure rises to 21% globally.

If that is true, then financial institutions have a lot of work to do to be in a position to comply with the new GDPR regulations that will compel them to reveal a breach within 72 hours of the event taking place. If they do not, or cannot, they will face fines of up to €10 million.

And if it is true that four-fifths cannot detect a breach, then not only will these financial institutions be distracted from bashing away at the silos and legacy systems that are keeping them locked tightly in the 1960s, but customer trust will be damaged even further than it already is.

According to Lisa Baergen, director at NuData Security, “there are many contrary reports that state trust [at banks] is at an all-time low”. Worse, “they’ll be held to account in an increasingly sophisticated and hostile threat environment where they are constantly attacked, and under more scrutiny”.

“Customer loyalty is the lifeblood of banks”, says Baergen, “and the fact that they must have security in place has many of them looking for solutions that can provide a real sense of safety and security”. NuData advocates a multi-layered approach to security, not just a single solution such as physical biometrics.

Whatever the solution, the problem is becoming urgent and public very quickly. The news is full of data breaches, both state-sponsored and relatively minor. A significant minority of users know that some or all of their data has been harvested by hackers at some point. The dark web is so full of identities for purchase that hacking groups have now set up customer service operations. It could be argued that these are rather better than those of the financial and communications companies that were responsible for customers’ data disappearing in the first place.

We now acknowledge that security needs to be built in at ground level. Some are taking the lead and using security to differentiate their services. Education must be a priority – the most used passwords are still ‘123456’ or ‘password’, now enhanced to ‘password1’ or even ‘Password1’.

Whatever happens, prepare yourself for an apparent escalation of security breaches, as companies have to declare them.


Alex Leslie

About the Author

Alex was Founder and CEO of the Global Billing Association (GBA), a trade body focused on the communications sector. He is a sought-after speaker and chairman at leading industry conferences, and is widely published in communications magazines around the world. Until it closed, he was Contributing Editor, OSS/BSS for Connected Planet. He is publisher of DisruptiveViews and previously BillingViews.
