Normalising data leaks: A dangerous step in the wrong direction

Following an internal email from Facebook being exposed, revealing that the social media platform believes the best approach is to normalise data leaks, Andrea Babbs, UK General Manager, VIPRE SafeSend, emphasises how worrying this statement is, as to give businesses an excuse to no longer invest time, money and effort in data security is a dangerous step in the wrong direction.

It was only recently, in early April, when it came to light that a data leak had compromised the personal data from over 500 million Facebook profiles in 2019. And since then, an internal Facebook email has been exposed, which was accidentally sent to a Belgian journalist, revealing the social media giant’s intended strategy for dealing with the leaking of account details from millions of users. Worryingly, Facebook believes the best approach is to ‘normalise the fact that this activity happens regularly’ and frame such data leaks as a ‘broad industry issue’. 

It’s true that data breaches occur every day and are increasingly on the rise – new research predicts there will be a cyber-attack every 11 seconds in 2021, nearly twice what it was in 2019. However, this doesn’t mean that it should be normalised.

Dangerously dismissive

The statement from Facebook is a very worrying strategy to come from a business that holds the personal and business data of millions across its platforms. Particularly in the wake of increasingly stringent regulations appearing globally, it is startling for such a large organisation to dismiss data leaks casually. To give businesses an excuse to no longer invest time, money and effort in data security are dangerous steps in the wrong direction.

Personal data is a valuable currency for cyber hackers, and individuals want to ensure it is protected. Leaking this confidential data, such as medical information, credit card numbers, or personally identifiable information (PII), can have far-reaching consequences for individuals and businesses. Keeping this data safe should be businesses’ number one priority. However, data is only as safe as the strength of an organisation’s IT security infrastructure and its users’ attention to detail.

A defence on multiple fronts

If you do not have the right technology to keep your data safe, you will face problems – but the same goes for having the right tools and training available to your users. Data security is a difficult and never-ending task, requiring ongoing investments on multiple fronts by every organisation in the world.

Particularly in the wake of COVID-19, businesses have had to transition to remote working and accelerate their processes to the cloud. Moving to cloud-based security, which moves with your users, is key. And investment in user training will become more normalised because an uneducated workforce is a big risk to an organisation’s data security efforts. 

To combat such threats, deploying a layered security approach is necessary for both small and large businesses. In today’s modern threat landscape, a data protection plan needs to include cover for both people and technology at its core. Companies need to invest in thorough and more frequent security awareness training programmes, including phishing simulations as a key component.

We will also see a bigger move towards Zero Trust Network Access (ZTNA) tools – which only allow people to access the data they need, not the entire network. There will be an evolution in this area, and protection for a workforce ‘on the go’ will become the standard, but with the same foundational principles of investing in the right technology and the users themselves. 

Reputation and responsibility

No matter where users are or what they are doing, keeping security front of mind will be one way to ensure good IT security hygiene for businesses. Those who have already made significant progress in this area will reap the rewards in safe data and reassured customers, clients and prospects. 

Businesses that get out in front of all areas of data loss, not just attacks from bad actors, are the ones that will do well in the long term. The ability to reassure customers and prospects of the safety of their data will become the new marketing message in the coming years, which is why attempting to normalise data loss could be so damaging to Facebook’s reputation.

Cyber threats are only going to increase in sophistication and become more personalised to the individual by using social engineering attacks or file-less-based attacks. Attackers will continue to take advantage of current events, such as COVID-19, to trick users into clicking a link, downloading an attachment or signing into a phishing website etc.

READ MORE:

Businesses of all sizes have a responsibility to keep data secure, and users must be a part of the solution, rather than the problem. In order to do this, businesses need to place cybersecurity as a priority throughout their processes and invest in the right tools and training to make this more of a business-critical solution, and less of an ‘emerging necessity’ as it is now.

For more news from Top Business Tech, don’t forget to subscribe to our daily bulletin!

Follow us on LinkedIn and Twitter

Luke Conrad

Technology & Marketing Enthusiast

In this together: how the crowd can help.

Matt Cooper • 22nd November 2022

Matt Cooper, the Chief Commercial Officer at Crowdcube, explains that if businesses can communicate their purpose and vision clearly, founders can mobilise a passionate community of investors to help them on their journey.