No shame in IT security breaches

One of the first steps to addressing a public health crisis is taking the shame out of it, writes Matthew Gardiner, senior product marketing manager at Mimecast.
This, for example, was something that had to be learned during the early days of the AIDS crisis in the United States. Science cannot operate and hard problems cannot be solved without data and open discussions regarding the problem at hand.
In many countries it appears that a similar stigma still exists in the area of IT security breaches, and the related lack of disclosure contributes directly to a lack of understanding and action by businesses and government.
And, despite the fact that cybercrime is on the rise in South Africa, with R2,2-billion in losses annually according to SABRIC, those most affected by cybercrime are still reluctant to step forward. The Gemalto Breach Level Index revealed that just five data breaches were registered in South Africa in 2015.
For businesses, this instinctual drive to keep quiet about a breach is compounded by the weight of expectation that they are doing everything they can to keep their customers’ and partners’ data safe. With the rich variety of security tools out there, it appears to the uninitiated that there is little excuse for letting a breach happen.
Unfortunately, though, in the real world there is no such thing as 100% effective security. Cyberattackers have spent years evolving and perfecting their techniques and technology to infiltrate even security-conscious enterprises.
The stigma around getting hacked only feeds on itself, giving weight to the misconception among targets that they are the only ones to have experienced it. Is it any wonder then that individuals and businesses alike are reluctant to step forward, to become one of the rare public disclosures?
We know from the work of those in the public health space that de-stigmatisation is the first step towards transparency and, ultimately, treatment. And we can see this has largely happened with security discourse in the US and many parts of the Western world.
This is because security breaches are disclosed, voluntarily or involuntarily, in such quantity that people feel much less shamed by them than they did years ago.
From Apple and Yahoo to the US government itself, no organisation is too big to have been compromised at some point. This has accelerated action by industry, government, and law enforcement to address the problem through education, technology, laws, and law-enforcement actions.
There is a long way to go to solve the problems of cybersecurity, but without the sense of shame slowing public discussion, there is a real chance for progress. It’s testament to the power of open and honest dialogue around security – and should inspire other regions where the stigma is still having far-reaching impacts.
The first step is to acknowledge that breaches can – and do – happen to anyone, and that businesses are not alone. Let’s encourage organisations to recognise that disclosure around security breaches isn’t a source of humiliation at all, but a path towards a deeper understanding.