Cybersecurity Attorneys: Get Used to Larger Data Breaches

By Steve Anderson
Contributing Writer

No one wants to go through a data breach. The hassle of changing passwords, monitoring accounts and the like is just more headache added to a life often already full of it. Yet the current word suggests that we all should get ready for a lot more data breach to come, and fairly soon.

The word came from a pair of cybersecurity attorneys well-respected in the field: Leonardo M. Tamburello and Diane D. Reynolds, who noted that the massive Yahoo breach of 500 million customer email accounts was likely just the start, and that many more companies to come were at risk of further breaches in the future. The pair, attorneys with McElroy, Deutsch, Mulvaney & Carpenter LLP, noted that there were several key points that would likely make breaches a bigger, more frequent threat in the future.

One, most corporate CEOs are business, rather than technology, experts. They simply don't understand the threat, how it can be countered, or what's ultimately at stake. Of course, some would say here that that's the CIO's job, or the COO, but even here, when there is an expert, that expert doesn't always have the necessary resources to address threats. Cybersecurity in general is treated as fire-and-forget, with universal solutions to “hackers” being as simple as buying a piece of software or changing a hardware configuration. Many times these organizations don't realize that all those “hackers” are working to counter any security measure put in place, so it must be updated frequently to stymie these attempts.

Worse, even when companies do commit to better cybersecurity, the solutions brought forth won't work with current systems, or don't work at all. Some smaller companies even believe that their smaller size will protect them, as hackers will believe the value is insufficient to make an attack worthwhile.

Consider it this way: why do people lock their car doors when they go out? Most of the time, people don't keep much of value in the car itself. Yet we've seen plenty of incidents where someone will break a window just for the sake of taking loose change from a car's cupholder. The risk-reward ratio is skewed toward reward: it takes little to break a window, and in the process, a free dollar may be on hand. So too the thought for some hackers: the company may be small, but all it takes is one broken window to get what's there to be had.

The response to such a proposition is simple. Engage in protection measures, even if they don't have immediate return. Consider lost opportunity costs, loss of reputation, and loss of potential business in any calculations of return on investment here. One hacking may be all it takes to unleash a stampede of business into competitors' hands, or at least a lot of time and expense spent cleaning up the hack to persuade customers not to jump ship.