Your Reputation after a Data Breach.

Whether you asked for it, had an active hand in making it, or even acknowledge it, you have a reputation. It can be built up, blown up, and is blended from both fact and fiction. It is a wild beast that is only tamed in the way an adult grizzly plucked from the forest can be tamed. Despite all its volatility and fragility, you must manage it as best you can, because when your reputation takes a hit the foundations of success begin to shudder.
A company’s reputation is the same. After Target’s data breach one year ago, their customer satisfaction and service reputation stayed in decline for many months. S&P cut Target’s credit rating due to the breach’s bigger-than-expected impact on traffic and sales. Their profits dropped 46% in Q4 of 2013 and their CEO was ousted five months after the breach went public.
There are plenty of tangible costs when a data breach occurs: lost productivity, forensic investigation, technical support, system availability, compliance and regulatory failure. Many of these costs, while significant, are manageable to an extent when the breach is kept under wraps. When word of a breach crosses over to the consumer side, the final tally of damage and cost is unpredictable.
42% of breached companies lost customers and business partners. 46% of a breached company’s clients would no longer recommend the organization.
Companies like Sony, Home Depot, P.F. Chang’s, Staples, Michaels, and K-Mart have all been targets of data theft. Their damaged reputations will recover over time, but the repair costs are significant. A Ponemon survey stated the average damage done to a brand ranges from $184 to more than $330 million and, at best, brands lost 12% of their value after a breach.

Every company needs to do more to keep its reputation secure. While some data breaches will be physical blunders, many of them will be malware entering the network, whether by force or by invitation.

Defence Intelligence helps their clients keep their data and their reputation secure with their advanced malware protection services. Take a look at what we can do to help.
Don’t be the next victim.

The most interesting DDoS ever?

Those of you outside of Canada may not have been following this story, but you might want to as this one seems to have it all:
  • Accusations of police ineptitude and overreach
  • Listening devices
  • Claims and counter-claims concerning Anonymous
  • Twitter sparring
  • Social engineering
  • Multiple DDoS attacks
  • Bureaucratic boilerplate statements aplenty

The abbreviated story goes something like this…

 
  • An Ottawa teenager is charged with 60 offences related to ‘swatting’ various targets across North America.
  • Hacker claims to have proof that said teen is innocent – identifies another as the culprit. 
  • Hacker contacts family of the accused and the media. Listening devices apparently discovered at suspect’s home.
  • Hacker takes down city, police and court websites to bring attention to the case. 
  • Officials assure the public that no data has been breached, but that the hacker managed to get a password from the service provider via phone.
  • Hacker continues to post via social media, promising proof. 
  • Father of the accused now says he is a ‘person of interest’ in the case.

We’ve seen hundreds of DDoS attacks in the news over the years, and thousands of them in the security community. They usually aren’t all that noteworthy and barely get a second glance. The attacks in Ottawa and Canada over the past couple of weeks are rather unique, however. You can catch up on the saga via:

Cyber Risk No. 1: Loss Or Theft Of Confidential Information

Cyber risks are a growing concern for every company, no matter the industry. The storage and transfer of data have become necessary parts of doing business, and “putting it out there,” so to speak, increases the chance of a hack-attack. 
File sharing in particular is a major concern for organizations concerned about their sensitive or proprietary data.  With services like Dropbox, Google Drive and Microsoft’s SkyDrive gaining traction daily, IT professionals need an effective way to manage and monitor the flow of their data.  It’s for this reason that both our Harbinger and Nemesis services include a dedicated file sharing category, giving you the ability to control the transfer and integrity of your data.
This month we’ll be looking at three cyber risks most often identified by companies open to disclosure. The first risk is loss or theft of confidential information, which has become even more of a concern for companies and individuals in this post-NSA PRISM world. 
Each year, security threats continue to be more costly and require greater vigilance as evidenced in a recent settlement that cost Sony more than $383,000 in UK-based fines for a 2011 breach of its PlayStation Network. Nintendo also faced similar issues in June of this year with more than 15 million hacking attempts resulting in 24,000 breaches in a single month, according to CBR Online.
The average cost of a breach lasting 3-5 days for a small company is $35,000 – $65,000. For a large company, that number grows to a staggering $400,000 – $840,000. If at first glance those figures seem high, consider the cost of the following: time spent responding to the incident, lost business, lost assets, reputational damage, and that’s before any compliance issues or fines.
The more your business grows, the more likely it is to attract cyber-attacks. So what can you do to protect yourself?
1. Pinpoint the associated risks for the types of data that are important to your business. 
2. Define your security policy. 
3. Implement.
4. Review and revise.
Final word of warning: don’t think this is one-size-fits-all. Prevention is dependent on your company’s needs, and could involve establishing Internet use protection, safeguards against intrusion, or remote access safety measures for backing up and accessing data.

Know what you need, and make sure you get it.  For more information about our Harbinger and Nemesis services, visit us at defintel.com

The Second Annual Women in Security Lecture Series

Last night we had the pleasure of being a diamond sponsor and attending the second annual Women in Security Lecture series at the Hampton Inn and Conference Centre in Ottawa. The event had a relaxed business casual atmosphere with everyone talking about security. We appreciated hearing the different points of view and opinions from the panel and conversations on the current and future state of security.

Students from RMC at the event – Winners for best dressed
One of the speakers that really stood out for us was Lisa Gordon-Hagerty. Her extensive background in security in the corporate and government sector made her extremely interesting to hear from.  She touched on the fact that hackers, malware writers, and botmasters all work together sharing information and technologies. This allows them to constantly be a step ahead of the organizations they’re attacking.

“She’s been on both sides of the fence and very much believes in having the government and corporate entities work hand in hand to develop better security policies, to share information on different events and act as a collective unit to better combat cyber security,” says Mohamad Haidara of Defence Intelligence.

Mohamed Haidara and his cinnamon hearts.

There were lots of interesting ideas and discussion around the need for transparency among organizations and the need for organizations to learn from each other’s mistakes and leverage different strengths to secure their networks.

One key point was how current security tools are becoming obsolete. There needs to be a new tool or system brought in to help secure the networks of organizations.

Speakers and panel members for the night included:

LISA GORDON-HAGERTY, MPH – Founder and CEO, LEG Inc

DJENANA CAMPARA – President and CEO of KDM Analytics; Author of System Assurance: Beyond Detecting Vulnerabilities (2011)

DR. ALISON WAKEFIELD – Senior Professor in Security & Risk Management at the Institute of Criminal Justice Studies, University of Portsmouth

NATALIE RUNYON, MBA, CPP – Director, Global Security, Thomson Reuters; Owner of CSO Leadership Training

CHRISTINA DUFFEY, CPP – Vice President, Operations, Paragon Security

SYLVIA FRASER, CPP, PMP, CRM, CSPM (Moderator) – Corporate Security Supervisor, City of Toronto, currently overseeing the Business Strategies and Risk Management Office

We are pleased to sponsor such a quality event for security executives in the Ottawa area. It was a great night filled with excellent discussions and we’re looking forward to next year’s event.

By Sarah Raphael