While in the midst of Cybersecurity Awareness Month, recent headlines have been dominated by news of businesses experiencing a data breach. Companies nationwide have been on alert in light of breached business and information groups that have delivered significant consumer impact. As former White House Chief Information Officer Theresa Payton said in a recent interview on Fox Business, “Every piece of technology is hackable, which means a breach is inevitable.”
USA Today reports that a staggering 43 percent of companies have experienced a data breach in the past year, according to a recent study conducted by the Ponemon Institute and sponsored by Experian Data Breach Resolution on the state of corporate data breach preparedness—a 10 percent rise in incidents over the previous year. The study also cited the nature of international breaches that don’t always register within the US, noting that in January of this year, 40 percent of South Koreans had their personal data stolen and credit card information compromised. That’s a total of 20 million people.
Bloomberg News further reported that the study also shared that 27 percent of companies don’t currently have a data breach plan in place, based on responses from 567 Fortune 500 executives. In coverage on Fox Business, Payton elaborated on retailer-specific strategies by testing security via internal white hat hacker teams, sharing that “Our recommendation is to look at once-a-month hacking. We’re seeing companies test once a year, but (by doing so more frequently) those hackers can make a huge difference to point out vulnerabilities.”
In my role at Experian Data Breach Resolution, I work to remind our partners that secured businesses have more than just a plan on paper. In recent coverage on Fox Business, I cautioned against relying just on a static plan: “There should be an incident response team in place that practices the plan, and ongoing investment from the senior executives to ensure that technologies are up to date.” 70 percent of senior leadership surveyed revealed that they wanted more engagement in breach planning from board members and CEOs, while 69 percent shared that their plans needed more financial support. 77 percent added that more real-world practice would help them execute identified plans in a true breach scenario.
In a recent story, ABC News shared that, according to statistics from the Department of Homeland Security, more than a thousand retailers could have malware currently operating within their cash-register computers. Recent breaches have arisen from malicious software that lurked in the check-out terminals where patrons swiped their debit and credit cards, capturing the information as their purchases were rung up.
As a business, the best time to create a pre-breach plan is before your sensitive information is breached. And the best way to explore weaknesses and vulnerabilities in your plan is to engage it by testing through different scenarios, ensuring your organization has the partnerships and support in place that it needs to serve customers and protect their information.