The Realities of Data Breaches: Is Your Content Safe?

It seems like not even a month goes by without an announcement that another major corporation has become the victim of a data breach.


6 February 2014

stairway to clouds

It seems like not even a month goes by without an announcement that another major corporation has become the victim of a data breach. 


December 2013’s news headlines revealed that retail giant Target had been the victim of a cyber-attack, resulting in the unauthorized access to millions of customers’ credit card numbers.  In January 2013, the Times discovered infiltration of its systems  by Chinese hackers who penetrated its networks to gather; employee passwords and other sensitive information.  Disturbingly, the Times estimated that the breach had been ongoing for four months before being detected.  And on January 20th of this year, another major retailer, Neiman Marcus, confirmed that it, too, had become the victim of a security breach, allowing hackers to make off with client credit card numbers and possibly make unauthorized charges during the holiday season.

The Impact of Data Breaches on Your Company

While none of these stories are surprising, many are taken aback by the reality that even large firms with highly confidential information find it difficult to protect their data against the concerted efforts of a hostile force.  The overarching reason for these types of dramatic failures, of course, is that applying effective security measures is not just a difficult one-time effort, but an ongoing, daily battle requiring continuous reinvestment in hardware, software, process and staff.  A failure or weak spot in any part of the structure puts the entire network at risk.  On top of that, failing isn’t cheap.  In a report titled Data Breach Response Guide, Experian estimated the average cost of a data breach – bearing in mind legal costs, lost revenue due to system outage, damage to brand name, system upgrades, cost of hiring external firms to assist with resolving and handling the breach and other operational costs – to be in excess of $5M.

Many providers of cloud solutions assert strong stories around the security of your data.  However, it is clear that not all cloud or SaaS solutions are alike.  An August 29, 2013 article in ComputerWeekly reported the findings of two researchers from OpenWall and Code Painters, who published a research paper on how they bypassed the security features of Dropbox and gained access to private user files.  In an October 23, 2013 write-up in ITWorld, author Dan Tynan talked about how cloud storage service Box.com gave “control over my account to someone else, who then nuked it.”

How Your Organization Can Protect its Data

Putting your data in the hands of an organization specializing in data security actually improves your odds of keeping it out of harm’s way. In order to increase the likelihood that the right safeguards are in place at all times, you must utilize the expertise in data, application and network security that available, as well as the ongoing investment in technologies, staff and processes to ensure the tightest control over your content.

Strong data encryption (both at rest and in transit), segmentation of the data model into indecipherable components that can only be reassembled with application logic, information rights management to guard against unauthorized redistribution, best-in-class services around authentication, an intuitive, foolproof permissions model, lifetime audit trails and industry leading physical security measures are all necessary parts of a truly robust security solution.