As corporations use digital technology to store and access all data, there are bound to be security threats from the undiscovered vulnerabilities in these relatively new systems. With the increasing amount of information that is required for businesses to operate, it is usually not feasible for an organization to employ older, more trusted methods of safeguarding their or the customers’ intellectual property. Consequently, security specialists must be able to react quickly to breaches as well as minimize the consequences and prevent future use of similar exploits.
The vulnerabilities that could cause a data breach similar to the one that happened at Fullsoft vary greatly. It has been found that 59% of security incidents occurred because of employees (Manworren et al.). That is not to say that the workers have intentionally leaked the information in all of these cases. Most of the time, the lack of security can be attributed to the careless practices that most people acquire when working with technology. One of the most common problems is using identical or similar passwords for multiple services. This drastically increases the risks of an important account getting hacked, as the attackers can steal the worker’s credentials from a purely protected website and use them to access the business’s data. Another practice that targets employees is phishing – “utilizing official-looking emails and websites to defraud someone of their personal information”(Manworren et al. 264). This is particularly dangerous for corporate users, as they often do not have time to carefully examine each email they receive, and a well-prepared phishing attack could be very effective against them.
Although cases of other companies do not include thorough information on what caused their beaches, one can still draw some insights from their experience. The infamous Yahoo breach, resulting in a total of 1,5 million user accounts being compromised, has caused the company to lose $350 million in value prior to finalizing the acquisition deal with Verizon (Cheng et al.). This example is meant to illustrate the potential threat level of any cyber attack.
The outcomes of a leak may differ depending on the information that was stolen and the nature of the business. As a software company, Fullsoft is likely to possess unique intellectual property that is worth a substantial amount of money. In that regard, having it exposed would greatly decrease its usefulness to the organization, resulting in immediate monetary losses. In addition, if the breach happens to contain customers’ information, it could harm the company’s image.
As the damage from a data breach could be devastating, it is essential that the company does everything possible to minimize it. The detrimental effect on the organization’s reputation can seem like the most pressing issue in such cases, as it may directly affect the value of the business (Gwebu et al.). However, it is vital to prioritize finding the root of the problem. If the company has permanent data logs, they should be checked for any abnormal activity. Employees should also be asked to report anything suspicious they have noticed prior to the breach. When the cause of the leak has been discovered, the security team must quickly employ measures to prevent the situation from becoming worse or repeating in the future. Work should also immediately begin on testing similar exploits and addressing any issues that are uncovered in the process. It is also recommended to train employees on the correct practices of using technology in a secure manner and to reduce the scale of a potential breach, by storing the least amount of data possible.
Works Cited
- Cheng, Long, et al. “Enterprise Data Breach: Causes, Challenges, Prevention, and Future Directions.” Wiley Interdisciplinary Reviews: Data Mining and Knowledge Discovery, vol. 7, no. 5, Wiley-Blackwell, Sept. 2017, pp. 1–14, doi:10.1002/widm.1211.
- Gwebu, Kholekile L., et al. “The Role of Corporate Reputation and Crisis Response Strategies in Data Breach Management.” Journal of Management Information Systems, vol. 35, no. 2, Routledge, Apr. 2018, pp. 683–714, doi:10.1080/07421222.2018.1451962.
- Manworren, Nathan, et al. “Why You Should Care about the Target Data Breach.” Business Horizons, vol. 59, no. 3, Elsevier Ltd, May 2016, pp. 257–66, doi:10.1016/j.bushor.2016.01.002.