It’s incredible that large organizations still get hit with massive data breaches that put at risk not only themselves but also the clients who trust these organizations with their most vulnerable data.
I have been thinking about the Liberty data breach fiasco from last week, where they were effectively held to ransom by cyber criminals who had illegally infiltrated Liberty’s IT infrastructure, stole data from their mail servers and demanded payment from Liberty to get their data back.
There are a few things to think about here.
- The reactive approach to IT Security.
It is not a new thing that data breaches happen; in fact, these breaches will continue to happen as long as we store data digitally. With that being said, I find it unacceptable that it took a data breach for Liberty to deploy IT security specialists onto their network, who found vulnerabilities in their IT infrastructure, which “might” have been the point of entry for the hackers.
There is a global catalogue of examples at Liberty’s disposal that should show them that a reactive approach to IT security is a bad idea.
- How long were the hackers on the network?
Liberty has no idea how long the hackers had to exploit the vulnerability. This leads me to assume that they have no idea exactly what the hackers had access to. They only know what the hackers told them they have in order to extort a ransom from them. This is a big concern.
- Did they pay the money?
No matter what Liberty tells the public, there is no way they will publicly admit to paying the ransom. This would do even greater damage to Liberty’s public image than the data breach did, not to mention that it would send a message to the international hacker community that South African companies pay ransom, a bigger can of worms than I think they are anticipating.
My biggest concern in this fiasco is how many of South Africa’s companies have the same attitude to IT security that Liberty clearly has. A reactive approach to IT security is not a good idea; in fact, it’s a terrible idea. Every organization, regardless of its size, has a responsibility not only to itself but to its clients to take a proactive approach to IT security.
If your organization does not take a proactive approach to IT security, it is being irresponsible in an age where digital data storage is the norm in day-to-day business operations.
Every business, regardless of its size, needs to deploy a proactive IT security policy, which is exactly what Call IT Services specializes in.
Email firstname.lastname@example.org for a full site survey to give you a better idea of where your organization’s IT security and business continuity stand.