
Thoughts on Breach of Trust vs. a Breach of Security

April 26, 2018

General thought: A breach of trust is different than a breach of security.

Trust and security, while related, are very different from each other. In recent years, we have seen information security continuing to be defined with strong frameworks, guidelines, and support from regulators to security offices, while the concept of “trust” has just begun to emerge. Over the same period, companies have started defining Offices of Trust, with the role of Chief Trust Officer.

Trust vs Security

In recent incidents where third and fourth parties were involved, there are some key things to understand when positioning a security breach versus a trust breach. To explore this further, I (James) will pull an experience from my childhood.  

As a child, I would not say I was a model child when it came to following my parents’ rules. I recall sneaking out of the house a few times to be with friends and do what teenagers do. I also recall getting caught by my parents and them lecturing me – not about how I got out or even what I did when I was out – but the breach of trust and confidence they had in me. Now that I am a parent, this is something I try to also share with my children.  

So, what is trust and the breach of it? We know there is an official definition, but for us, trust is the confidence we have in ourselves and others to do the right thing. Much like the saying that courage is doing the right thing even if it is not the most popular, trust in many ways is the same concept. To establish trust, one must think about many factors in addition to security. One must evaluate situations where a stakeholder has a perceived notion of safety, security, trust, privacy, support, and other factors – in essence, that another party will do the right thing. In recent events, companies involved with breaches in many ways did the correct thing; however, areas of trust that were defined for users were infringed upon – not by the company but by other users in the ecosystem. We relate this in many ways to attacks like cross-site scripting (XSS), where a user is attacked through a flaw in the system. This is part of the trust ecosystem driven by information security. Another example is the breach of trust based on the supply chain, when medicine and the packaging that protected the medicine were compromised. The trust of the company was impacted, and stakeholders (often, the investors and consumers) were looking to the company and its response to rebuild trust.

For us, the position of a trust officer would be more of a risk officer than a security officer, and more like a privacy officer – an ombudsman who advocates for customers. Nowadays, where security threats are imminent and breaches are weekly news, the establishment of a trust officer might be a key area that organizations need to evaluate to ensure that confidence in their goods and services is delivered to customers and stakeholders. This would help to ensure that trust is maintained throughout areas of security, privacy, supply chain, and others in a way where risks in trust are identified, reported, reviewed, and evaluated, and decisions are made in the best interest of all stakeholders. Our mentors have taught us that every organization will have trust-related events. When an event does happen, trust and confidence are something organizations can maintain through their response and continued focus on areas where trust may be at risk.
 



By: Peter Gregory

Director, Information Security


By: James Robinson

Vice President, Third-Party Risk Management
