
Thoughts on Breach of Trust vs. a Breach of Security

April 26, 2018

General thought: A breach of trust is different than a breach of security.

Trust and security, while related, are very different from each other. In recent years, information security has continued to be defined through strong frameworks, guidelines, and support from regulators to security offices, while the concept of “trust” has only begun to emerge. Companies have started to define Offices of Trust, with the role of Chief Trust Officer.


In recent incidents where third and fourth parties were involved, there are some key things to understand when positioning a security breach versus a trust breach. To explore this further, I (James) will pull an experience from my childhood.  

As a child, I would not say I was a model child when it came to following my parents’ rules. I recall sneaking out of the house a few times to be with friends and do what teenagers do. I also recall getting caught by my parents and them lecturing me – not about how I got out or even what I did when I was out – but the breach of trust and confidence they had in me. Now that I am a parent, this is something I try to also share with my children.  

So, what is trust and the breach of it? We know there is an official definition, but for us, trust is the confidence we have in ourselves and others to do the right thing. Much like the saying that courage is doing the right thing even if it is not the most popular, trust in many ways is the same concept. To establish trust, one must think about many factors in addition to security. One must evaluate situations where a stakeholder has a perceived notion of safety, security, trust, privacy, support, and other factors – in essence, that another party will do the right thing. In recent events, companies involved with breaches in many ways did the correct thing; however, areas of trust that were defined for users were infringed upon – not by the company but by other users in the ecosystem. We relate this in many ways to attacks like cross-site scripting (XSS), where a user is attacked through a flaw in the system. This is part of the trust ecosystem driven by information security. Another example is the breach of trust based on the supply chain when medicine and the packaging that protected the medicine were compromised. The trust of the company was impacted, and stakeholders (often, the investors and consumers) were looking to the company and its response to rebuild trust.

For us, the position of a trust officer would be more of a risk officer than a security officer, and more like a privacy officer – an ombudsman who advocates for customers. Nowadays, where security threats are imminent and breaches are weekly news, the establishment of a trust officer might be a key area that organizations need to evaluate to ensure that confidence in their goods and services is delivered to customers and stakeholders. This would help to ensure that trust is maintained throughout areas of security, privacy, supply chain, and others in a way where risks in trust are identified, reported, reviewed, and evaluated, and decisions are made in the best interest of all stakeholders. Our mentors have taught us that every organization will have trust-related events. When an event does happen, trust and confidence are something organizations can maintain through their response and continued focus on areas where trust may be at risk.
 



By: Peter Gregory

Director, Information Security



By: James Robinson

Vice President, Third-Party Risk Management

