(KRON) — What do Target, Nieman-Marcus, Walmart, Apple and the Pentagon all have in common? They thought they were protected. Sadly for these Fortune 500 companies and their millions of customers, they were far more susceptible to infiltration than they thought. Cyber security breaches are no longer few and far between– they are frequent and affecting the most iron-clad companies, big and small.
The most publicized breach of the year was against Sony Pictures. A satirized take on North Korea’s dictator was the catalyst for a breach that did lasting damage and exposed personal emails of some of the top officials. Sony made extensive investments in cyber security and was still caught off-guard.
According to Richaed Bejtlich, the Chief Security strategists for FireEye Inc.– a company enlisted to clean up the Sony mess– the techniques used to bring down Sony weren’t even that sophisticated.
“If you’re a sufficiently interesting target, you will be breached. There is no company or organization in the world that can stop it, including the U.S. government. We’ve seen that. But you need to cut off the bad guys before they do what they came there to do,” Bejtlich told the Wall Street Journal.
With so much our transaction information stored on third-party systems, we’re exposed to vulnerabilities beyond our control, and the control of those we entrust.
“It’s not if, but when,” said Diane Aboulafia, director of GreatWork Strategic Communications, an industry leader in crisis PR. “Many companies do not realize that data breaches are practically inevitable.”
So what can companies do to protect themselves?
“First and foremost, they need a plan,” said Aboulafia, “The interesting thing about a plan is that it gives you the time to figure out a response style that fits with your company’s genuine corporate culture.”
But it’s important to see breaches as an inevitability, and not a what-if.
“Companies need to ask themselves questions–Does your company value transparency or do you prefer to provide only information required by state laws or industry regs? How much information will your stakeholders need to feel that you are addressing their problem with empathy and professionalism?” Aboulafia said “A crisis is not the time begin these discussions.”