Rethinking Organisational Resiliency
“Within literature devoted to crisis management, much attention has been focused on the topic of resiliency. Resilience is framed in the context of an organisation’s ability to adapt to extraordinary situations, to endure stress and change and survive into the future. Organisational resiliency depends upon the ability and capacity of an organisation to anticipate disruptive situations/events, react to short-term shocks and adjust to the unexpected disruptions triggered by them. Generally, such situations are short-term events – impactful situations stemming from a natural disaster event, such as a hurricane, earthquake or major flood. Similarly, they may be “man-made” impactful events such as a terrorist attack, a workplace violence incident, or a business-related event that imperils a company’s brand or reputation. The challenges presented by the COVID-19 pandemic present opportunities to reconsider organisational resiliency from a fresh perspective, particularly for small enterprises and sole proprietorships.”
Resiliency has always been a key component of any successful security strategy and has proven even more important during the COVID-19 pandemic. Organizations need to be more adaptive in how they protect their assets and anticipate threats to their business. Threat intelligence is what bridges this gap, allowing security teams to make informed decisions.
Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users
“A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year’s data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was imposed by the Office of the Comptroller of the Currency (OCC), an independent bureau within the United States Department of the Treasury that governs the execution of laws relating to national banks.
According to a press release published by the OCC on Thursday, Capital One failed to establish appropriate risk management before migrating its IT operations to a public cloud-based service, which included appropriate design and implementation of certain network security controls, adequate data loss prevention controls, and effective dispositioning of alerts.”
As a result of not having the proper risk management strategies and data loss prevention controls in place, Capital One is facing a significant fine of $80 million over the 2019 data breach.
As consumer privacy becomes more and more important, organizations that engage in unsafe and poor security practices will suffer financial repercussions, legal action, and brand damage.
5.5 Million Files Leaked Affecting Cybersecurity Firms, Insurance Companies, Universities & More
“The vpnMentor cybersecurity research team, led by Noam Rotem and Ran Locar, have uncovered an unsecured AWS S3 bucket with over 5.5 million files and more than 343GB in size that remains unclaimed.
In this case, after a few days of research, the research team identified the possibility that the data belongs to InMotionNow, and subsequently contacted the company with their findings. Although the unsecured S3 bucket is now closed, no one from the company ever responded to their attempts to reach out, so they are unable to confirm the ownership.”
There are thousands of places across the Internet where threat actors can leak sensitive information. Coverage of these sources, including Dark Web marketplaces and discussion forums, is crucial for quickly detecting whether the information you are trying to protect has been exposed.
The financial, legal and brand damage that results from the exposure of confidential customer information, intellectual property, or other sensitive data far outweighs the cost of investing in tools to quickly detect when a breach occurs.