Other People’s Data Breaches: They Can Help You Too

Alex Haynes
CISO, IBS Software

Over the past few years, numerous well-known brands and major corporations have been targeted by cyber-attacks resulting in the exposure of millions of customers’ personal and sensitive information, making data breaches an increasingly common occurrence. Although the immediate effects of these breaches can be severe for both affected individuals and companies, there is potential for your business to benefit by studying other organizations’ data breaches, which can help you and your team learn how to prevent similar incidents in the future.

One way to benefit from other people’s data breaches is to stay informed about which companies have been targeted and what data has been exposed. There are several websites that track and report on data breaches, including the excellent haveibeenpwned.com, BreachAlarm, and DataBreaches.net. These sites collect information from a variety of sources, including news reports, government agencies, and self-reported incidents from companies themselves. By checking these sites regularly, you can gain insight into the latest trends in cyber-attacks and identify any companies that may have experienced a breach that could impact you or your business.

Another way to use data breaches to your advantage is to study the tactics used by hackers and evaluate those weaknesses in your own security systems. When a company experiences a data breach, they occasionally release information about how the attack occurred (sadly, not enough companies do this) and what measures they are taking to prevent future breaches. By analyzing this information, you can gain a better understanding of the methods used by hackers and identify potential vulnerabilities in your own systems. For example, if a company’s breach was caused by a phishing email that tricked an employee into providing their login credentials, you can take steps to educate your own employees about how to recognize and avoid phishing scams.

Learning from other people’s data breaches can also help you make the case for investing in stronger security measures within your own organization. When a high-profile data breach occurs, it can serve as a wake-up call for companies that may have been complacent about their security posture. By highlighting the potential consequences of a data breach and pointing to real-world examples of companies that have suffered, you can make a compelling argument for investing in tools like Multi-Factor Authentication (MFA), encryption, and security training programs. There’s also an argument here for increasing customer trust and loyalty, which can have a positive impact on your bottom line.

Another benefit of studying data breaches is that it can help businesses better understand the legal and regulatory landscape surrounding data security. In recent years, there has been a growing push for stronger data privacy laws and regulations, such as the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States. By examining the ways in which other businesses have been impacted by data breaches and the legal fallout that followed, companies can gain a better understanding of the legal risks they face and the steps they need to take to comply with these regulations, and whether their controls are up to scratch!

An often-overlooked benefit is actually monitoring these data breaches for your employee credentials. Simply monitoring your domain name (for example @acme.com) is enough to let you know if employees have signed up to a third-party site with their work e-mail address, potentially exposing workplace credentials (and if your authentication systems are still password-based, this may be an additional risk for you due to password reuse). Putting in place a threat intelligence or third-party breach monitoring service can be very helpful to forewarn you should your company credentials appear in someone else’s leaks, even unwittingly.
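The domain check described above, as an added example that is not the author's or any monitoring vendor's code: it matches addresses from breach notifications against a monitored domain on a label boundary, so lookalike domains do not trigger false alerts. The record format, the breach names, and the folding of plus-tags onto one mailbox are assumptions; the sample records are constructed.

```python
"""Added example: find work e-mail addresses in third-party breach records."""
from collections import defaultdict

CORPORATE_DOMAINS = {"acme.com"}  # the article's example domain

# Constructed sample records: (breach name, address as it appears in the data).
SAMPLE_RECORDS = [
    ("forum-leak", "Jane.Doe@ACME.com"),
    ("forum-leak", "bob@gmail.com"),
    ("shop-leak", "jane.doe+shop@acme.com"),   # same person, plus-tagged
    ("shop-leak", "ops@mail.eu.acme.com"),     # real subdomain
    ("shop-leak", "ceo@notacme.com"),          # lookalike, must not match
    ("shop-leak", "x@acme.com.example.net"),   # lookalike, must not match
    ("paste", "not-an-address"),
]


def corporate_mailbox(address, domains=CORPORATE_DOMAINS):
    """Return the normalized mailbox if it is in a monitored domain, else None."""
    local, sep, domain = address.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        return None
    domain = domain.rstrip(".")
    # Exact domain or a true subdomain only; a plain suffix test would
    # also accept "notacme.com".
    if not any(domain == d or domain.endswith("." + d) for d in domains):
        return None
    # Assumption: the mail system treats "user+tag" as the mailbox "user".
    local = local.split("+", 1)[0]
    return f"{local}@{domain}"


def exposed_accounts(records, domains=CORPORATE_DOMAINS):
    """Map each exposed corporate mailbox to the breaches it appears in."""
    hits = defaultdict(set)
    for source, address in records:
        mailbox = corporate_mailbox(address, domains)
        if mailbox:
            hits[mailbox].add(source)
    return {m: sorted(s) for m, s in sorted(hits.items())}


if __name__ == "__main__":
    for mailbox, sources in exposed_accounts(SAMPLE_RECORDS).items():
        # A mailbox seen in several breaches is a stronger password-reuse signal.
        flag = "REPEAT" if len(sources) > 1 else "new"
        print(f"{mailbox:24} {flag:6} {', '.join(sources)}")
```

Mailboxes flagged in more than one breach are the first candidates for a forced password reset and an MFA enrollment check.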

Of course, it’s important to note that simply learning about other people’s data breaches is not enough to prevent similar incidents from occurring within your own organization. You must also take concrete steps to shore up your security measures and stay vigilant against potential threats. This includes the usual panoply of good access control, regularly updating software and firmware, conducting regular security audits, and providing ongoing training to employees. By combining a commitment to security with a willingness to learn from others’ mistakes, you can help protect your organization and your customers from the devastating effects of a data breach.

Finally, it’s worth considering how other people’s data breaches can benefit society as a whole. When a company experiences a data breach, it often results in increased scrutiny from regulators, policymakers, and the public. This can lead to new regulations and guidelines that help protect consumers and promote greater transparency around data collection and use. Yes, breaches are bad, but we can collectively use them for improving ourselves, our businesses, and our regulatory environment to prevent more of them in future.
