For a business that’s breached, the malicious incursion itself is only the start of its troubles. The company will then have to notify customers about the incident, and this will set in motion a chain of events that can involve hefty fines and almost always includes a loss of trust.
Sony and travel agency experience the consequences of poor endpoint threat detection
When a big enterprise is breached, it can count on the fine being correspondingly steep. According to eSecurity Planet, Sony learned this the hard way recently after it agreed to pay $15 million following a 2011 malicious encroachment. The breach happened in the company’s PlayStation Network, a popular gaming platform with millions of users. When the security episode happened, tens of millions of users had private data exposed, including credit card information.
Sony is choosing to pay the $15 million instead of going to trial, since the costs and time associated with legal proceedings could quickly rack up a far greater tab. In a statement to Polygon, a Sony official was adamant that the company’s breach was not a result of security shortcomings.
“While we continue to deny the allegations in the class action lawsuits, most of which had been previously dismissed by the trial court, we decided to move forward with a settlement to avoid the costs associated with lengthy litigation,” an official stated in a written release.
Still, Sony’s decision to pay restitution instead of defending itself further will likely seem to many a tacit admission of culpability. According to eSecurity Planet, a travel agency is finding itself in a similar situation to Sony after suffering a breach that also resulted in the exposure of patron credit card data. The company, Think W3 Ltd., fell victim to an attack after one of its subsidiary corporations, a travel company called Essential Travel, had its website hacked. Information for nearly 1.2 million debit and credit cards was stolen in the breach. The UK Information Commissioner’s Office has now fined the company $250,000 over the attack.
Breached companies must also deal with diminished trust
For a company that suffers a preventable attack, money isn’t the only thing at stake. More importantly, customer trust can also suffer. A global survey conducted by SafeNet recently found that roughly two-thirds of the 4,500 people it surveyed said they’d be extremely unlikely to have anything to do with a company that suffered a credit card breach. There is also a prevailing sense among patrons that businesses aren’t taking the threat posed by cybercrime seriously enough.
Unfortunately, it’s all too often the case that a business doesn’t devote the necessary attention to security until after an attack. For customers, this is too little, too late. Businesses that want to remain afloat need to make an effort to put in place the most stringent endpoint detection and response measures possible. Failure to do so may just force a company to close its doors.