security awareness

Breach fatigue or too big to fail?

As we prepare for the annual October holiday season with Cybersecurity Awareness Month there is an important question to ask. Are we as a society at the point of fatigue over every new security breach, or are the companies getting breached just too big to fail?

Security giant Fortinet announced a data breach this week that was remarkable in two ways. One was how small the breach was (less than 500GB) Two was how calm Fortinet seemed to be about. Security gadfly Dr. Chase Cunningham posted a flippant comment about the breach on Linkedin, encouraging his followers to “buy on the breach.” He pointed out that with big public companies, in security or not, generally take a hit on their stock for a day or two after a breach, but the stock rises to new highs as the dust clears. And no one seems to care about the downstream customers whose data might have been stolen.

A 2010 study published in the Journal of Cost Management concluded that a company could be more profitable if it annoyed unhappy customers more than they already were. The success of that strategy increased with the size of the company, according to the study, and when there were fewer competitors for a customer to turn to.

The reasons for the success were simple. If a pissed off customer decided to go a smaller provider, there were always new customers who signed up, simply because they were the biggest. If there were no smaller competitors, the customer never went away. In the process, the offending company rarely has to pay out to make the customer whole. The study pointed our that companies like United Airlines have notoriously bad customer service, but they rarely lose market share because of it.

Kevin Szczepanski, co-chair of Barclay Damon's Data Security, is much more forgiving

Membership Required

You must be a member to access this content.

View Membership Levels

Already a member? Log in here
Read more...

IAM in a shifting environment

The fourth annual Identity Management Day (April 9) brought the opportunity to assess and evaluate the shifting environment plaguing Identity and Access Management (IAM).

Identity plays a pivotal role in all facets of business functions. Overseeing identity and access presents challenges in determining who should have access to what.
This process requires a contextual understanding of the roles and duties of numerous individuals within an organization, ranging from system owners and supervisors to IT, security, and compliance personnel. Managing access between all these stakeholders and decision-makers while mitigating human error, minimizing excessive permissions, and preventing inappropriate access configurations presents a formidable task.

As workforces evolve, managing access privileges becomes even more complex, raising the risk of insider threats and unauthorized access. Understanding identity management is crucial across all business activities, especially with the rise of hybrid and remote work setups.

A strong IAM strategy requires enterprises to maintain a centralized and consistent view of all devices, resources, data, and users, along with timely provisioning of access to different users. When any of these elements are insufficiently operated, both the level of cybersecurity and the quality of user experience are jeopardized.

Read more...

Like Digital Cicadas, Cybercriminals Lie In Wait Before Unleashing Their Presence

A curious parallel can be drawn between cybercriminals and the intriguing phenomenon of Cicadas. Akin to the periodic insects that emerge from the ground after years of dormancy, cybercriminals often resurface with renewed vigor, unleashing their disruptive activities on unsuspecting organizations.

Purchase Required

This content requires that you purchase additional access. The price is $1.00 or free for our Premium members.

Purchase this Content ($1.00) Choose a Membership Level

Already a member? Log in here
Read more...

Cybersecurity Teams Have to Do More Than ‘Walk and Chew Gum at the Same Time’

In light of today’s threat landscape, the question for organizations might be, “Can your security team handle the multiple tasks and numerous processes required to detect, respond, and mitigate escalating cyber threats at the same time?” Called upon to become super multitaskers, they must successfully address routine and unexpected challenges without compromising quality or efficiency.

Read more...