The hidden impact of a cyber breach
The implications of a breach go far beyond what we commonly see in the headlines. The true cost must be taken into consideration when assessing the proper level of security for these systems.
Cyber breaches have become all too common, and there is a growing belief that they are inevitable. I’m sure we have all read about the material impact of these events, but there is another set of implications that has not been covered.
Few people would dispute the monetary impact that a cyber breach has on the organization experiencing the event. Numbers are thrown about that suggest the financial impact of a breach is between $2,000 and $2,500 per record. While much attention has been given to that aspect of the crime, far less attention has been paid to the hidden impact.
In examining a few incidents that I have worked on, there is also an emotional impact on individuals. For example, think of the user that received a phishing email, falls for it and clicks on the link. That individual became ground zero for the cyber attack, and his/her actions resulted in their computer being infected and the spreading of malicious code through all the emails sent to colleagues, business partners and friends.
FACT: In 2013, Radicati Group estimates there will be over 900 million corporate email accounts. That is a target rich environment to be sure. (Think of all the information in corporate emails.)
Once detected, the e-forensics work begins and eventually a computer is identified as ground-zero. The individual assigned to that computer is immediately on edge and may even have a feeling that their personal space has been violated. They wonder, did I do something wrong or will I be fired over this? In some cases the word gets out the malware originated from their online actions. Practical jokes, name calling and ridicule is an all too common occurrence.
Now consider the IT security department if the systems they protect are compromised and the organization experiences loss of customers, possibly fines and penalties, as well as the cost of repairs and credit monitoring. Those individuals feel a sense of defeat; a cyber adversary has beaten them. Many also wonder if they will be fired.
The implications of a breach go far beyond what we commonly see in the headlines. The true cost must be taken into consideration when assessing the proper level of security for these systems.