[BreachExchange] Data Breaches And The Erosion Of Trust

Audrey McNeil audrey at riskbasedsecurity.com
Wed Nov 29 19:52:48 EST 2017


http://www.huffingtonpost.co.uk/entry/data-breaches-and-the-erosion-of-trust_uk_5a1c330ae4b0250a107c0159

The recent Uber data breach is another clear sign that companies are losing
the battle to protect their customers’ data, and what is at stake is one of
the most fundamental aspects of the relationship between consumers and
companies: trust. The risks are only going to get bigger because our
personal and professional lives depend more on digital services that create
more data which companies have proven they cannot protect.

Today, every aspect of our personal and work lives involves a digital
or online interaction that results in the creation, sharing and storage of
our personal or financial information. In everything we do we leave behind
digital footprints about who we are, where we are, what we like or what
we dislike. The simple reality is, we cannot work, live or enjoy leisure
without giving up data about ourselves. This is the price we pay for all of
the benefits of the connected, always-on digital economy.

If this digital economy is going to work, consumers need to be able to
trust the companies they give their data to. Not even a generation ago,
trust was a handshake and looking the person in the eye when you opened a
new bank account, bought a new car, or obtained a home mortgage. Today,
transactions happen in the online ethersphere between two entities that
will never see each other. This means trust will matter even more as
physical interactions disappear from transactional relationships.

But trust is under increasing assault. This year alone there have been
nearly 1,000 data breaches reported worldwide that exposed nearly two
billion personal or financial data records. This is 160 per cent more than
during the same period last year, and it’s likely only to get worse. Sadly,
according to a recent global study by Gemalto, only one quarter of
consumers feels companies take the security of their data seriously.

Even as companies spend more and more on cybersecurity, data breaches
continue to grow in frequency and size. No company has been immune to data
breaches, even major corporations that spend tens of millions of dollars on
data security every year. Just look at this year’s list of the breached
companies and you will see a who’s who of the corporate world – Deloitte,
Equifax, Verizon, Whole Foods and most recently, Uber. No industry has been
spared and no one has been able to stop the rising tide of data breaches.

If one thing must change, it is the corporate mindset on data security. For
decades, the prevailing wisdom about cybersecurity has been that a
perimeter “wall” should be built around the data and network to keep out
intruders. This strategy of breach prevention has been the foundation of
corporate data security for decades. The current breach epidemic shows us
this approach is not working very well.

While there is much that can be done by companies to improve corporate data
security practices, here are four guiding principles that can help reduce
the erosion of trust:

Out With the Old, In With the New: Today’s security strategies are
dominated by a singular focus on breach prevention technologies. But, if
history has taught us anything, it is that walls are eventually breached
and made obsolete. Think Maginot Line or the Great Wall of China. Companies
should assume that prevention and threat detection tools can only go so far
and should use them as part of a layered approach to security that can defend
data once criminals get into the network. In this new digital world, the new
perimeter is the data itself. That is why security needs to be attached to
the data itself using encryption, as well as to the users who access the
data through stronger access controls.

Make Data Security a Mission Statement: If companies want to earn and
retain customer trust, they must view the protection of sensitive customer
data not just as a compliance mandate, but as a responsibility essential to
their success. Meeting the minimum legal requirements is no longer enough.
If a breach hits, and a company has encrypted customer financial data but
not the 10 million records containing personal information such as dates of
birth, addresses, medical records and social security numbers, it has
broken the bond of customer trust in its brand. Being a better steward of
customer data is not just good public relations, it makes good business
sense, too.

Transparency Is the Road to Trust: Companies should put security front and
centre and tell customers about the security measures that have been put in
place to protect their data. If a company is doing something better than
the rest of the industry, then it will be seen as a trusted innovator.

Security Is a Two-Way Street: Just as companies can tell what they are
doing to protect customer data, they should also tell customers how they
can best protect their personal identities and financial information. If a
customer experiences identity theft or a data breach while doing business
with a company, that brand suffers. A better-educated consumer is a safer
consumer of services.

The data breach dilemma proves that the traditional approach to data
security does not work anymore in the digital world. If companies don’t
wake up to this new reality soon, they may find a potential consumer
revolt on their hands and it won’t be pretty.