Online Trust And The 89 Percent
added: 02.20.2014, by Mike Spinney
I recently perused the Online Trust Alliance’s 2014 Data Protection & Breach Readiness Guide and thought I’d use this space today and in upcoming Blog Confidential posts to share some of my thoughts on the information and advice contained in the paper. If you haven’t downloaded it, you should. (HoGo is unaffiliated with the OTA apart from our shared desire to address issues affecting trust in the digital world.)
The item that stood out to me was rightly included in the executive summary: according to the OTA, 89 percent of all data breaches occurring last year could have been prevented.
Let that simmer for a moment.
Was your personal, financial, or health data affected by a data breach last year? How enraging to know that there’s a very good chance it might not have happened if someone, somewhere, had done something differently.
Did your company experience a data breach? How frustrating to know that there’s a very good chance it could have been avoided if someone (possibly you) had done something differently. How frustrating to know that it could have been avoided if the right resources had been made available.
Often that is what’s at issue. It’s not that the folks working on information security don’t know what to do; it’s that they aren’t empowered to do what they know they should. Tight budgets force a process of triage that inevitably leaves gaps that increase an organization’s risk profile.
What is the answer?
There isn’t one answer. There are many, but finding them needs to start now, and not after the fact of a data breach. Have rules changed that necessitate new policies? Are the systems in place fighting the last war and not prepared for the next one? Are people being prepared for their individual roles in information security with education and awareness programs? Are they being provided with the tools they need to put their knowledge to more effective use?
The flip side of the 89 percent figure is that, unfortunately, there will be times when the inevitable happens and, despite all your best efforts, information is compromised. But that’s no excuse to give up hope. And it certainly won’t be an excuse when the attorney general’s office investigates.