Experiences and Lessons from more than a Decade of Data Breaches
After the game, the king and pawn go in the same box.
In our industry, which was once the domain of obscure and rare hacker misconduct, ethics matter. Our founder and CEO John has exhibited strong ethics built from experiences since 1994.
By contrast, cybercrime at present accounts for a significant part of online activity and has its fangs locked onto society. In secret Internet darknets and forbidden chat rooms, cybercriminals buy and sell stolen credentials and data. We know how to mitigate this activity.
The lone rogue hacker or cracker has given way to rogue nation-state actors matched with these so-called anarchist groups. These groups often act when legal governments do not act. A snippet from F5 is interesting and full of statistics outlining some of this information. Companies now routinely hire hackers to disrupt and infiltrate their enemies, just as the same companies hire hackers to audit them. The Pew Research Center published a report in 2017 noting that 64% of Americans have personally been victims of a data breach. The Internet Crime Complaint Center (IC3), operated by the FBI, has reported 176% growth in reported cybercrime losses over the past five years, up from 525 million in 2012 to 1.45 billion in 2016. The Identity Theft Resource Center reports that breaches increased in 2016 by 40% from the previous year.
Is our current paradigm of how to deal with these issues as good as it gets? We have a better answer. We are living in an age of cybercrime that shows no signs of slowing down. Our action is to do more than just speed up.
Regardless of your moral principles or political philosophy, we live in a time with infrastructure that is critical to the world as we now know it. Incident management shouldn’t rely solely on the FBI. Other states could do what Ohio has done with S.B. 220, known as the Data Protection Act. This was drafted to incentivize businesses to attain a “higher level of cybersecurity” by maintaining a compliant cybersecurity program. This means that if a firm is sued for negligently failing to implement reasonable information security controls, resulting in a data breach, the firm can then state its compliance with the cybersecurity control as an affirmative defense. However, this is just a good band-aid.
The problem is not solely an educational deficit; we’re living in an age that suffers from a cultural gap.