In perhaps the largest breach of private information ever, Sony recently admitted that the personal details of 77 million PlayStation users may have been stolen by hackers. This was followed by a series of further attacks on the organisation’s websites.
Such leakages are not only costly, but damaging in terms of an organisation’s reputation. In addition, the costs to an organisation are increasing, due to the impact on business reputation and the resulting loss in turnover, and also to increasing legislative penalty thresholds.
Doing nothing - a costly option
On the 22nd November 2010 the UK Information Commissioner issued his first fines under new data protection powers that came into force in April 2010, with fines of up to £500,000 now possible. In addition, a recent empirical study of US firms that have experienced a data security breach found an average organisational cost of a data breach of $6.75m ($210 per individual record compromised), based on legislative penalties and the business impact of loss to reputation. How would you explain a Sony-style data breach to your clients?
While you are reading this, malicious hackers, identity thieves and other attackers could be at work, searching for any weaknesses in your network infrastructure and data security. If a corporation the size of Sony can be breached, how confident are you that your systems are hacker-proof?
Protect your business and your clients
Weaknesses in network devices, hosting platforms and services, as well as the security design of applications, must be monitored and assessed to verify that security baselines are adequate. Amid these growing dangers, vulnerability management is an essential element of your security programme.
Many companies’ privacy, security and confidentiality policies are driven by regulatory requirements, but this is only the starting point. If your employees and clients are not confident that these areas are properly addressed, then the impact and adoption of the technologies you introduce, such as ecommerce systems or indeed gaming networks, will be significantly reduced. To address the risk of confidential data breaches, you need to ensure you are aware of, and implementing, best practices to manage the risks to the information you store and exchange.
If you have not recently conducted an IT audit to identify the measures necessary to protect your data, we can help you assess the potential threats, vulnerabilities and resulting risks to the confidentiality, integrity, and availability of electronic information on your systems, storage devices and networks. Once you have evaluated the potential impact of the risks you face, appropriate administrative, policy and procedure, technical, and physical safeguards should be identified to prevent or mitigate the risks to privacy and security. Any residual risks must be documented and accepted by management.
Your organisation will then be in a position to implement sufficient safeguards and security measures to reduce your IT risks and vulnerabilities to a reasonable and appropriate level. This will assure you that you comply with regulations, mitigate the risk of data breaches occurring and confirm to your clients that they are safe to do business with you.