Skip to main content

So Many Breaches…What’s Being Done?

July 15, 2014

It seems that every day we’re hearing news of a new vulnerability or breach that is compromising data. Will this ever end? Unfortunately, no – it’s the nature of security. Attackers will always try to acquire sensitive information, increasingly for financial gain.

Many information security professionals are working behind the scenes to protect this data, but their efforts can be hindered if they aren’t working with the proper budget needed to implement sound policies and procedures. It can be hard to obtain the needed funding from senior management when it isn’t tied to a direct ROI. However, doing nothing is not an option. As we have seen in recent news regarding major retail breaches, management and corporate boards are no longer immune to the consequences of poor oversight and will be held accountable for their decisions (and in some cases will lose their job or could even serve prison time for negligence as a result).

All organizations have a responsibility to their clients to do everything they can to secure information. This responsibility will continue to grow as more and more institutions continue to gather more and more data.

So, what can be done to protect against and mitigate the damage caused by information exploitation?

Organizations must fully understand the issue. The first step is to do a risk assessment of your business. Information classification and control can help organizations by beginning to assign responsibility and oversight – but this alone is not enough. Organizations must invest in the human capital to manage these functions. Every organization has its own environment, making it essential to fully understand the issues, organization, and business application of critical assets – and most importantly – the human resources dedicated to the protection of this information.

We must be willing to invest in the resources to properly protect this data. Perhaps legislation is required, but before we expect the federal government or even state houses to provide guidance, we need to increase the amount of money being spent on these efforts. Organizations have a fiduciary duty to their clients, employees and stakeholders to protect their information.

How do we do this?

By justifying these efforts to the holders of the purse strings and documenting the decisions of management. When organizations act in a transparent fashion and parties are held accountable to the outcomes – there is more at stake from an individual’s standpoint and the liability can push change forward. Eventually these efforts will increase the amount of data protection employed by organizations and thus, reduce the amount of exploited information.

Related Blogs

March 15, 2018


Pass-the-hash (PtH) is an all too common form of credentials attack, especially since the advent of a tool called Mimikatz. Using PtH to extract from ...

See Details

February 15, 2018

Security Simplified

It's no secret that data breaches are an ugly reality for businesses today, and despite ever increasing investments, organizations seem unable to stem...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy


January 22, 2018

Unstructured Data Risk Assessment

Learn how Optiv can help you assess your risk of a breach related to unstructured data.

See Details

August 13, 2014

Why Wait for a Security Breach?

Headline-making security breaches have hardly faded away since the beginning of the year. Looking back on statements Neiman Marcus made to journalist ...

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.