Mixed messages towards cyber breaches results in confusion
In a world where cyber attacks are becoming increasingly sophisticated and cybercriminals are being provided with access to more advanced technologies, it is crucial that companies take precautions and understand the importance of safeguarding themselves and customers in the most secure way possible.
Amidst everything else that organisations have to contend with, data privacy protection can often be overlooked and considered more of a ‘deal with it if we come to it’ kind of problem. However, this was exemplified by the 2020 easyJet incident where the personal information of its customers was compromised. This data breach impacted more than 9 million airline passengers, with thousands experiencing theft of their credit card information.
This comes at a time when Boeing has recently admitted to falling victim to a cyber incident which impacted parts of its distribution business.
A lack of resources results in an abandoned investigation
As recently reported by The Telegraph, The Information Commissioner's Office (ICO) has abandoned its investigation into the 2020 easyJet data breach due to a lack of resources. The breach which affected millions of customers was so severe that the company's executives contacted GCHQ's National Cyber Security Centre for assistance, but the ICO has confirmed that it will not be taking any action against easyJet.
Jordan Schroeder, managing CISO at Barrier Networks, says: “Organisations have a duty to care for the data they hold and process, and they must take the protection of that data very seriously. These protections shouldn’t only be motivated by compliance or the risk of regulatory fines, but mainly because of their duty of care to customers, employees, and partners. In the three years since the easyJet breach occurred, cyberattacks have grown in scale and frequency. Now is not the time for organisations to lower their defences.”
However, Schroeder does believe that although this latest update could give off mixed messages and will undoubtedly receive a lot of scrutiny, “it shouldn’t be seen as an indication that the ICO is ‘easing up’ or that data breaches will be tolerated.”
Diminishing trust due to zero consequences
Victims of a data breach may experience significant emotional distress, even if they do not suffer any financial losses. They may be anxious and stressed about the need to take extra precautions as a result of the breach, resulting in boycotting certain companies due to a lack of trust.
According to The Telegraph’s report, an ICO spokesman said the regulator’s responsibility for the entire UK economy meant it had to “make difficult choices about which issues we take forward”. Saying: “Having carefully considered this particular case, the Commissioner decided that pursuing enforcement action would not be the best use of our limited resources at this time.”
Mike Newman, CEO of My1Login, explains: “When the easyJet breach was first announced over three years ago, it was widely regarded as one of the world’s biggest cyberattacks. Over nine million people had their personal data compromised, which put them at serious risk of phishing, financial fraud and identity theft. It is therefore deeply concerning that the ICO has dropped its investigation into the attack, and it could send out a very wrong message to other organisations.
Given the scale of the attack, and the fact that British Airways was hit with a UK£20mn (US$24.6mn) fine for a much smaller breach, the industry was expecting the ICO to come back on easyJet with its full force, but evidently this is not the case.
“Since the easyJet data breach took place, cybercrime has grown, so organisations should not see this as an opportunity to let down their defences. When customer data is held, it must be kept secure. With over 80% of today’s cyberattacks being executed through stolen credentials, organisations must focus on securing these as a priority.”
Securing the future of our digital world
Trust and loyalty are essential for any business. When customers and clients lose trust in a brand or see a lack of consequences for their actions, they are less likely to remain loyal. After a data breach, even the most loyal customers may reconsider doing business with that company. As a result, the company's customer base may shrink and it may suffer a financial loss, along with damage to the organisation's reputation.
“Phishing is generally a tactic used to steal passwords from employees so criminals can access corporate networks and the data they store,” explains Newman. “The safest way to remediate this threat is by removing passwords from the hands of the workforce.
“Using a modern workforce identity management solution that provides Single Sign-On and enterprise password management, enables passwords to be used where applications rely on them, but have them hidden from the workforce, significantly improving the user experience and enhancing security.
“This means even when sophisticated phishing scams do reach the user's inbox, they don’t have the ability to disclose their passwords because they simply don’t know them, which adds significant improvements to security defences.”
******
For more insights into the world of Cyber - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.
Other magazines that may be of interest - Technology Magazine | AI Magazine.
Please also check out our upcoming event - Net Zero LIVE on 6 and 7 March 2024.
******
BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.
BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.
