I read an article by
Elinor Mills, “Why 'data breach' isn't a dirty word anymore”, in a CNET (blog)
- Mar 26, 2012. Her first sentence was, “Contrary to popular belief, data
breaches don't necessarily sink a company, studies and survivors indicate.” While it is an interesting article it
overlooks several things I believe need to be considered.
The example of the Heartland Payment Systems is interesting
in that it is not a direct to the consumer business. They provide businesses with the system to
handle credit and debit card transactions.
The customers of Heartland could switch to a different processing
company but that requires some serious thought and consideration. Additionally the Heartland customers are not directly
feeling the effects of the breach. They
are not being sued. Their names are not
being bandied about in the press so there is limited impact on them.
For the Heartland it means that they must fix the problem
and show the customers that they are taking the correct steps keep it from
happening again. It also means that Heartland has to defend itself from all of
the different laws suits that will be filed.
Yes I know that one of the suits was dismissed but there are still the
costs of the lawyers to defend against it.
If you take the costs of the lawyers and the fixes that need to be made
to the systems, you will find that it could have been done for so much less if
someone had analyzed the process, detected the flaws, and applied the fixes
that were needed in the first place.
Breaches do not need to happen. They happen because someone did not takes the steps to make the system right, use the system right, or protect the data.
No comments:
Post a Comment