Has Everyone Had a Data Breach?

  • Comments posted to this topic are about the item Has Everyone Had a Data Breach?

  • Once an organisation starts to grow the direct partnerships aren't always visible or communicated to the people who need to know.

    An IT department may think that there are 30 partners/service providers in use.  Finance may have signed up for another 30 more!

    Think back to SQL Slammer.  Organisations that thought they were secure got hit because apps they had no idea existed, backed by MSDE, were installed in non-IT departments.  The unknown partner issue is a repeat situation.

    The company I worked for, when the EU cookie directive was implemented, had the same problem when investigating the number of tracking cookies they were dropping onto their customers' machines.

    Acquiring a new supplier is so much quicker and less bureaucratic these days but the downside is that the due diligence and auditing of the supplier is less rigorous.

    Another point is that you need to know what questions to ask of a supplier or you need to have a trusted party to ask those questions for you.



  • Steve,

    Great topic. I think the more appropriate question would be: is there any company that has not had a data breach?

    We see in the news, time and time again every year, about another big business that had a security breach and tens of thousands of customers’ personal data has been compromised. (Compromised. Hmm. I think that’s a softer, kinder way of saying hacked or stolen.)

    I know a lot of companies will outsource certain aspects of their business/services due to the cost of building that service in-house. However, in the long run, when data is compromised/stolen, it impacts the bottom line when customers start pulling out due to a lack of trust in the company. So, was it worth it in the long run? Sometimes, but not always. Hence RvR (Risk vs. Reward) must come into play. In that respect, the company, as a whole, may declare that the risk is worth the reward. But from a customer or shareholder’s perspective, their data is more valuable and justifies the added expense of in-house learning and building of needed apps.

    Summing it up, if a company takes on additional partners, that company could insist on being informed when the secondary company also takes on additional partners. But, in the end it’s not worth the effort. If company A takes on a partner, company B, then company B takes on a partner, Company C, then company…. Well, you see where I’m going with this. Following this pattern, as you mentioned in the original post, a company is only as strong as its weakest link.

    So again, I ask, is the risk worth the reward? In-house vs outsourcing. Who really loses in the end?

    Just my two-cents worth.

    Aubrey W Love
    aka: PailWriter
