Whaley Bridge hit the news in late summer when the dam above the village threatened to burst and swamp its inhabitants. Although weather forecasts predicted the oncoming storm well in advance, what wasn’t anticipated was the structural weakness that was suddenly revealed.
Marriott must have experienced a similar feeling when confronted with a £99 million notice of intent from the ICO relating to a data breach in the Starwood chain it acquired in 2014. Having failed to discover the breach until 2018, the hotel combine stands accused of a failure in its due diligence.
High-profile breaches like this one, alongside BA, have put chief information security officers (CISOs) under the spotlight and emphasised the limitations of what conventional cyber-security can achieve. “Vulnerabilities in software and web sites can be open for years and exploited by hackers long before they get spotted,” explained Peter Galdies, managing director of data governance specialists DQM GRC.
As revealed in the 2019 report from IBM Security, “The cost of a data breach,” it now takes an average of 206 days for organisations to identify that their defences have been penetrated, up by 5% from 2018. That gives hackers a lengthy window in which to explore the attack surface before any remediation is even begun. Once a breach has been identified, the clock starts to tick even faster, with GDPR mandating notification to the regulator within 72 hours.
DataIQ is a trading name of IQ Data Group Limited
10 York Road, London, SE1 7ND
Phone: +44 020 3821 5665
Registered in England: 9900834
Copyright © IQ Data Group Limited 2024