Published: 19 May 2016
By Catherine Jamieson
A couple years back we spent some time looking at the outcomes for companies that were the victims of cyber breach, this work became the 'blog that never was'.
When we extended the time frames we found that early breach victims followed a similar six month pattern:
In other words, six months after the attacks they were in better shape than their competitors
We came to the conclusion that companies with the weakest security experienced the first wave of data breaches. The net result was that the subsequent shake up was just what those companies needed and as a result they did better in the end.
Their competitors would have reviewed their security, but without the personnel churn at the top.
Customers got used to breaches, and then increasingly fed up with breaches. They consider big companies as mostly the same, and therefore price and service returned as the key buying factors.
Fast forward to today. How are today's breach victims getting on? The picture is grim; We spent some time looking at the outcomes for TalkTalk, and found these key differences:
Retail organisations in previously good health can bounce back by heavily discounting stock. Service organisations don't have that luxury, they don't have stock to lean on and market forces are setting the general price level. Organisations that rely on their reputation for confidentially are suffering the worst. The ICO investigated 173 law firms regarding data breaches in 2014 this culminated in this Information Commissioner Warning . In 2015 Law Firm warnings were running at 15 per quarter.
There is a constant cycling of who is at the bottom of the pile security-wise. This drives the need for constant vigilance. Osirium is more about prevention of breaches rather than detection. Osirium helps prevent the external attacker and deter the internal wrong doers.
Osirium provides 'PxM' or Privileged x Management, where the x can be any of user, account, access, analytics, task or session.