As data breaches continue to bite, good advice continues to flow — advice that hopefully reaches far and many. For all the reasons you’d want to be in the headlines, you don’t want it to be due to a data breach.
Identity Theft Council recently covered the Adobe breach, one of the more embarrassing breaches of 2013. In early October, the company announced that nearly 3 million of its customers had been affected by a data breach that exposed names, IDs, credit card information and other personal data. Two months later, the story is still going strong and maybe even growing stronger. Not just because the hack seemed to be relatively easy, but because the number of potential victims has surged from 3 million to more than 30 million.
Even though the millions of passwords exposed were encrypted, some security experts believed those passwords could be decrypted and wreak even more havoc. One expert interviewed by Reuters commented, “This is a treasure trove for future attacks.” Furthermore, future attacks could also mean a treasure trove for the media, who can be relentless in maintaining the focus on big breach stories. These are not the kind of headlines anyone wants, especially as each story chips away at brand’s confidence and loyalty.
Worse than that, the hack may have also exposed the source code of some of Adobe’s most popular products. If that source code is now in the hands of hackers, and it’s assumed it is, the repercussions of this breach could be felt for months or even years as hackers and others try to use infected Adobe products to launch an endless barrage of sophisticated attacks. Every attack will hurt Adobe more than anyone else. EWeek published an article recently outlining the type of mistakes organizations make that can expose them to data breaches. And while the information wasn’t new, it was well put. Here’s just a sample of the most typical mistakes cited:
- Lack of a clear communications plan.
- Lack of a single decision maker.
- Waiting for “perfect” information before taking action.
- No clear post-breach plans.
- No clear remedy for customers.
That article also mentioned another recent report by the Ponemon Institute that found more than 40 percent of surveyed organizations surveyed admitted they still didn’t have a formal breach prevention or response program in place even after experiencing a data breach.
Update 08/2015: EiQ Networks found that 72 percent of companies are not prepared for a data breach in 2015.
The best thing you can do to minimize the threat of a breach, or the impact of the inevitable, is to continuously take preventative measures.
The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.