The Capital One incident is the latest in a string of high-profile, high-impact data breaches. In this case, the hacker gained access to users' information by exploiting a misconfigured web application firewall - something that could have been prevented.
Events like these serve as a grave reminder that companies holding personal and sensitive data need to be extra vigilant.
Good data stewardship is something everyone in an organization should strive for. It should not be left just to the C-suite or the IT security team. Basics such as the use of strong passwords, multi-factor authentication and keeping software updated would prevent a significant percentage of all cyber incidents.
While their effects are damaging, high-profile incidents such as these are instrumental in teaching important lessons:
- Only collect and retain data that has a business purpose for as long as it is required.
- Have plans to reduce the impact of an attack. This can be done by incorporating training to help prevent, detect, mitigate, respond and recover.
- Organizations need to regularly review their procedures for data storage and collection, as security and privacy are not absolutes: they must evolve with changing technologies and regulations.
- Security extends beyond an organization's perimeter. A risk assessment should be made prior to partnerships with external business partners or service agreements, with periodic re-assessment.
- Build trust through transparency, ensuring that everyone from customers to board members and other important stakeholders is informed of an incident and receives regular updates.