It often feels like data breaches are just too much to handle. Despite the advances made in technology and security, there seems to be an abundance of breach activity out there, enough to put your organization on edge no matter what sector. It's important for company leaders to understand what these breaches mean for their businesses, and also how prepare a planned response in case it happens to them.
Adapting strong security
The large amount of breaches may be dictating how security decision makers approach the new reality of breach attempts. Rather than simply giving up, some CISOs may prefer to turn to extra technology to help them resolve possible problems.
As part of an international survey, ServiceNow examined the answers of 300 CISOs in the context of cybersecurity trends. Globally, 81 percent of respondents said they plan to automate threat intelligence research by 2020, compared to just 34 percent automating today.
Similarly, 77 percent plan to automate alert aggregation three years from now, compared to 40 as of this present year. In both of these cases, the global response figures were remarkably close to the European ones.
It might be a sign of the enormity of these breaches, as well as the possibilities new technology gives us. Either way, it seems these officers are starting to prepare for a large amount of breaches in their plans.
The breach results so far
In its June 27 Breach List, the Identity Theft Resource Center said that 774 breaches were identified for the year so far, with more than 12.3 million records exposed as a result. While many of these breaches did not come with any amount of records reported exposed, by far the largest one listed involved America's Joblink Alliance. This breach, reported on March 21, featured 4.8 million exposed records.
Looking closer at a breach case
The America JobLink case is also worth noting for a few other reasons. First of all, it reportedly sprang from a code exploit and encompassed a range of job application information, including Social Security numbers.
As the company pointed out in a statement, the issue was apparently "identified and eliminated" as of March 14, almost a month after the hacker was said to have created his or her fake account originally to begin the attack. Compared to many other breaches, this could be seen as a relatively short response time and might have assured some users that their information was in good hands.
With cases like this taking prominence, it's no wonder that businesses might feel unable to keep up. Fortunately, this case and others have given some examples of how to recover, stay positive and avoid feeling weighed down by all of this bad news. A good breach response statement can set a strong tone and put your company on the road to recovery.
How do you keep your company ready for breaches without spending too much time worrying? Simply put, plan for the worst to happen and be prepared when it does. It could also help to consider each case individually while still drawing from a proven, effective response plan. Similar to how the ITRC report breaks down each breach individually, your organization needs to be able to do the same so every breach action and reaction to prepare one that works for you.
For example in JLA case, the company provided extensive information in the release, including a list of the 10 states where affected job applicants may reside. Businesses may balance out some of the uncertainty of a breach with a similarly thorough statement, as well as procedures for victims to follow, including review and monitoring as necessary.
Working with Identity Guard Business Solutions can help you equip your company with the kinds of services that aid in employee or customer identity protection after a breach.