Risk of Not Encrypting Data Just Jumped to Over $500M

Aug 25, 2015

Stories of leaked data, stolen personal information, organized cyber-espionage and willful misuse of proprietary intellectual property are hitting the news wires with increasing frequency. Most recently, headlines have been made by the extensive leakage of data from the Ashley Madison website, following extortion attempts by the hackers. What is especially worrying, from a corporate perspective, is that the initial hack and data theft went undetected until well after the fact. Moreover, there is now a hard dollar figure on damages associated with such exploits. To date, general online businesses have been considered outside the purview of strict regulations like SOX, HIPAA and PCI, which drive most ERM/IRM (enterprise information rights) deployments today. Accordingly, there has not been much urgency for such companies to deploy these data protection solutions, which ensure that all sensitive data is encrypted - not only during transfer but also in storage within the enterprise network - and therefore safe from misuse even if it is stolen or a device is misplaced.

The latest lawsuit against Ashley Madison changes that, and should serve as a warning beacon to all online service companies. As reported by Reuters here: http://www.reuters.com/article/2015/08/25/us-ashleymadison-cybersecurity-lawsuit-idUSKCN0QU05L20150825, "The lawsuit claims that the data breach could have been prevented if the company had taken ‘necessary and reasonable precautions to protect its users’ information, by, for example, encrypting the data’". The associated damages being asked for are upwards of half a billion dollars. This is enough to wipe out a business, and all for a risk that is relatively simple to mitigate with the modern generation of ERM and IRM solutions. In a related development, the FTC has been given the judicial green light to prosecute and fine any company that is cavalier about data protection and exposes its customers to distress or fraud. To date, companies really only worried about data security if they were subject to regulations such as HIPAA, SOX or ITAR. Now, it needs to be every CTO's, CEO's and CFO's problem.

There is a general misperception that perimeter security measures are enough to protect internal data. This could not be further from the truth today (see for example http://www.cio.com/article/2972263/security/what-cios-can-learn-about-security-threats-from-4-recent-hacks.html). ERM solutions provide pervasive, permanent data protection, at increasingly affordable price points and with ever lower complexity. Current events should serve to put data protection enhancements on every CTO's high priority list. Read more about what ERM and IRM technologies are, and why they are a must-have tool in every CTO's arsenal, here: http://www.frost.com/sublib/display-report.do?id=NF2A-01-00-00-00. If you have any questions on what options are available in the ERM market today, and which solution(s) might be best suited for your particular needs, feel free to send me an email at arambhia@frost.com.


Avni Rambhia

