In recent years, the number of cyber attacks has greatly increased while organizations have done little to beef up security. Most organization owners know little about security, and hiring IT professionals to manage a secure environment is expensive. Even with the expense, a strong movement is currently gaining traction to fine companies and financial firms that fail on cyber security.
Even more disturbing is the increase in insider threats causing companies to fail security checks. It’s these threats that can last for months and leave the organization with critical data breaches as well as damage to the brand and its reputation. Financial firms usually suffer some of the highest damage, because their data is some of the most valuable to attackers. Financial records contain full personally identifiable information as well as banking details of the customer. These records bring a high price on dark web markets.
The committee is also considering fines for companies that delay reporting a successful data breach. This movement will even make it easier for consumers to file lawsuits for monetary damages should their information be part of a data leak due to cyber security flaws. The US has had laws in place since 2012 that require organizations to announce security breaches.
The committee is reviewing suggestions for fines after a major provider – TalkTalk – had a major security breach in October 2015. The ISP has four million subscribers but identified that approximately 150,000 records had been compromised. Of those 150,000, 28,000 records contained financial details of its customers. The data was obscured, but a large amount of it was still useful to attackers. After the attack, law enforcement was able to apprehend six people involved in the attack. All of the attackers were under the age of 21.
This movement for more responsibility for cyber security flaws is just one more reason why organizations must put the right systems in place to stop attackers and mitigate losses. The right monitoring tools can detect and stop attacks before they turn into a critical data breach. Even more crucial is to have the right monitoring systems in place for insider threats. These threats are some of the most damaging since it’s an employee releasing critical details from the organization’s internal network.
If the committee’s ruling takes effect, it is even more crucial for businesses to identify risks within the organization and put proper systems in place to stop these attacks.