Reply To: Cyber Risk Lessons for Boards and Officers

Home Forums Discussions at SecurityWorld Cyber Risk Lessons for Boards and Officers Reply To: Cyber Risk Lessons for Boards and Officers


Uber may be the latest in a long line of big names to hit the headlines in the wake of serious data breaches, however it is the handling of the attack that is the biggest cause for concern. The lengths gone to by the executive team to conceal the loss of personal data from staff and customers is mind-blowing, and there simply isn’t a place or excuse for it.

Most likely the Uber C-suite, seeing the repercussions of cyber-attacks on similar household names, were keen to avoid the reputational damage – a massive error of judgement. The reality is that customer distrust of the brand will be amplified by the company’s attempts to hid the facts from them and points to the need for change in the industry.

When it comes to the loss of personal data, transparency is crucial. Not only will 2018 see this mandated by GDPR, but it is vital to ensure that even in the wake of a breach customers do not lose total faith in a brand’s ability to protect their data.

Secondly, the hacks of the past two years could not have made it plainer that the current mind-set isn’t working. Organisations need to think beyond the ‘protect’, ‘detect’, ‘react’ approach which sees hackers on average spend over 100 days syphoning of sensitive data from across compromised networks. Instead the model needs to include a step that limits the damage – containment. By isolating a threat when it enters the network, businesses can minimize the sensitive data a hacker can access and massively reduce the scale and scope of high profile hacks.

-Jim Kennedy, VP North America, Certes Networks