Negligence and Misconduct: The State of Cybersecurity Breaches

 |   |  Security

Not a day goes by that I do not see another security breach or system flaw being released. On Thursday, September 7, Equifax announced a major data breach affecting records for as many as 143 million American consumers. Nearly half the U.S. population may have had their Social Security numbers, drivers license numbers, birth dates, addresses and other sensitive information compromised by the security incident.

It is unclear what security safeguards Equifax had in place to prevent this type of incident from occurring. A class-action lawsuit filed the day of the breach accuses the organization of not spending enough to protect against cyber attacks. Regardless, this should serve as a wake-up call for all companies. It’s time for organizations to start treating their clients’ data with the same care they treat their own. According to IBM, 65% of ALL businesses have already been the target of a breach. If you haven’t been affected yet, personally or professionally, it’s only a matter of time. Saving time and money in the short-term by not implementing necessary IT controls and policies is a short-sighted and potentially lethal strategy.

I am a believer that most organizations need to see themselves as an IT company, if they don’t already.  Everyone has a responsibility to protect sensitive data. Most do an inadequate job at it. There, I said it. Sorry.

While I can blather on about technical controls needed, I won’t here. I see the problem as a cultural one. Most companies just don’t shoulder the responsibility for a culture of awareness in their organization, and solely rely on snake-oil technical controls alone. Yes, Equifax, TJMaxx, Home Depot, Anthem, Ebay, JPMorgan, Sony, Target, Citibank – perhaps you too. Will you be adding your company’s name to this incredibly long list as well?

The time for wake ups was 5 years ago. We are rapidly entering the areas of negligence and misconduct.

Christopher J. Luise

Christopher J. Luise

Christopher Luise is Co-CEO at ADNET Technologies, LLC. Early in his career, Christopher co-founded ADNET with Co-CEO Edward Laprade, and worked for several years as vice president responsible for new business development. In 1995, he left ADNET and spent the next 13 years driving innovative, technology-based solutions in the U.S., Europe, Latin America, and Asia as group CIO and later CEO for a Global Financial Services organization. Christopher returned to ADNET in 2008 to lead the Infrastructure and Advisory Services consulting practices with a full-time focus on strategy, operations, and branding.

Read full bio >