By Don Sinko
During yesterday’s session on cyber breaches, we heard that every organization has been breached by cyber criminals. It’s a common point made at most conferences. We hear that there are two types of organizations, those that know that they have been breached, and those that have been breached but don’t know it yet. If this is the case, and it is a common belief, why are we so surprised when a breach is announced? Why do organizations get fines and penalties for announced breaches if everyone has been breached?
Identity thief is rapidly increasing, but the source of the breach is difficult to pinpoint. Since “everyone” has been breached, the victim’s personal information could have been stolen from a number of places. Obviously, the key is for organizations to do their best to prevent breaches through proactive approaches, or have processes in place to minimize losses. While proactive approaches may minimize liability if data is lost, the data loss is still a problem for the person whose data is lost.