Generosity, kindness, and the spirit of sharing. These are terms you’ll often hear this time of year, as they encapsulate the essence of the giving season. In the business world, however, similar phrasing is far from typical, especially when it comes to cybersecurity attacks. While few organizations want to willingly admit to having suffered a data breach or other compromise, it’s becoming more apparent that cybersecurity transparency can ultimately be of great benefit to all businesses.
Although it has yet to develop into common practice, there is a valid argument to be made those valuable lessons can be learned from every individual incident – leading to a safer situation for all. It’s worth dissecting that notion in detail to foster a more cooperative approach to effective cybersecurity solutions.
The Shame of Staying Silent
No business owner or executive wants to say with a smile on their face, “We’ve been hacked, and our customers’ information has been exposed!” Typically, almost the exact opposite has occurred with their being no desire to tell anyone outside of the inner operational circle.
These incidents occur nearly every day, and most organizations try to keep things hushed to limit panic, penalties, and a potentially tarnished reputation. There is a certain amount of shame involved when a company falls victim to a cyberattack. Even if a company does admit that a hack or breach has occurred, it’s rare for them to go into details.
This is understandable, but the truth is that there is no need to hide what has happened from the public any longer. In fact, hiding the facts of such incidents prevents any learning about what may be a valuable learning opportunity concerning the need to beef up security efforts and to share information that can help thwart attacks on other businesses.
Knowledge is Power and Sharing is Caring
Sticking with some common cliches as it relates to the topic here, sharing is caring – as hokey as it may sound when adopted to the business world. But with forward focused cybersecurity solutions in mind, it’s well worth honoring in full.
Successful business strategies are not openly shared with competitors in most situations. But when it comes to cybersecurity, it may be time to cast aside this long-held concept. The fear of admitting when a breach occurs has prevented many businesses from divulging valuable information that might be of benefit toward preventing similar attacks on other organizations. If businesses begin to become more upfront with the circumstances surrounding an attack, these details can be used to the advantage of all.
Cybercriminals Seek Easy Openings
Cybercriminals have used the same methods to perpetrate attacks for years. Why alter things if they remain effective? It’s a mindset that any business owner can resonate with. One main factor contributing to ongoing criminal success is that the same technique used to breach the cyber defenses of one business can be used on the next company in the crosshairs. And the next. And the next… But it doesn’t have to be this way.
The more that we all know about how cybercriminals are targeting businesses, the more capable we can be in creating tactics to prevent them from doing so. And the tendency to keep this knowledge quiet has allowed threat actors to use the same effective penetration methods for years. For this to change, the how businesses handle data breach transparency also needs to change.
Lessons Learned from Other Sectors
Admiral Michael S Rogers, who once held positions as Director of the NSA and Commander of US Cyber Command, believes that valuable lessons can be learned from other sectors that can be applied to current business cybersecurity efforts. By adopting strategies, practices, and possibly even requirements in a similar way to the aviation industry, breaches can be turned into a learning opportunity that enhances cybersecurity across the board.
Rogers recently said in an interview with ZDNet that, “In the US, we use a structure that says any time there is an aviation accident, the government steps in and there is a formal investigation. We determine the causes and the mitigating factors, we publish them and then we say, given that, what changes do we need to make?”
These tactics were developed with the public’s best interests in mind. Although cybersecurity risks may not be as directly life-threatening as a plane crash, they are dangerous, nonetheless. This shared information, even coming with severe consequences, has allowed air travel to consistently become safer. If the same approach were utilized in cybersecurity, it leads one to suspect that similar results could be achieved. Communication channels between businesses should be openly established. Perhaps it’s even time to consider regulations requiring them to do so.
Transparency on Display
The intent of this article is more to provide food for thought than it is about suggestions for direct action or advice. We all want our businesses to be more secure and always remain that way. Publicizing a massive hack or data breach is still not a favored tactic for organizations of any size. But it should be recognized that an open approach to addressing cybersecurity incidents can very well lead to improved tactics to combat criminals moving forward. There is no need to keep things quiet and allow threat actors to use the same tactics over and over again for their financial gain.
Take these ideas into consideration as we settle into the holiday season and upcoming new year. Make cybersecurity transparency a talking point within your organization and discuss the concept with other business owners in your network. There could already be existing strategies to share that will help all parties increase security moving forward.
By putting security incidents and issues on display, you can create an opportunity for learning and growth that will inevitably lead to better practices in the long run. Turning cybersecurity into an inclusive rather than isolating issue increases the success and safety of businesses and individuals of all kinds.
LibertyID is the leader in identity theft restoration, having restored the identities of tens of thousands of individuals without fail. If you retain personal information on your customers, now is the time to get data breach planning and a response program in place with our LibertyID Business Solutions data breach preparation program. With LibertyID Enterprise you can now add value to existing products, services, or relationships by covering your customers, employees, or members with LibertyID’s fully managed identity theft restoration service – at a fraction of our retail price – with no enrollment and no file sharing. We have no direct communication with your group members – until they need us.
Call us now for a no obligation proposal at 844-44-LIBERTY (844) 445-4237