Is PII the only reason for data breaches?

Even if Personally Identifiable Information (PII) or Protected Health Information (PHI) is secured, hackers can still lock down or encrypt enterprise systems and demand ransom payments, because the lockdown itself disrupts business continuity and erodes customer trust.

It’s crucial to dispel the misconception that PII/PHI is the sole reason for breaches. Cybersecurity is a multi-faceted issue, and a comprehensive approach is necessary in addition to the business continuity plans and processes in place. This approach should address vulnerabilities in enterprise code, cloud or infrastructure misconfigurations, and the absence of multi-factor authentication, not just securing PII/PHI.

If PII is the main reason for data breaches and ransomware, why did hackers target a small regional credit union with around 500K customers? Instead, they could have targeted one of the top 3 banks with approximately 70M customers each. For more than 12 days, as of this post, customers can’t log in to their bank accounts online. Due to limited staff, there are long lines at the branches. They can only perform limited operations on their accounts, and the surprising part is that they can’t check their balances. Without knowing balances, how can one operate their bank accounts? Also, customers can only withdraw $500 per day from ATMs. This will have a trickle-down effect as customers will miss out on payments, accumulate fees/fines, mess up their credit files for late payments, and so on. While the source of the breach has yet to be revealed by the bank, on the surface, it looks like they don’t have Multi-Factor Authentication (MFA) for their customers.

Imagine the potential for larger-scale attacks. If this happens to one of the bigger banks, like Chase or Bank of America, the scale of impact would be 140X; instead of 500K, it would be 70M customers. This striking comparison underscores the gravity of the situation and the need for robust cybersecurity measures. Cybersecurity measures alone are insufficient, however; the focus should also be on fail-over systems and fallback plans to maintain business continuity.

Are we, as a society, building digital infrastructures without sufficient fail-over systems? The risk of cyber attacks is not limited to the finance industry but extends to critical sectors like healthcare, supply chain, transportation, manufacturing, utilities, and service industries, impacting the economy and creating chaos.

What are your thoughts? Please feel free to share your thoughts and comments.

Chris Lubten

Looking for Pre-seed and Seed Stage Startups!

1 month ago

??

Dan Matics

Senior Media Strategist & Account Executive, Otter PR

5 months ago

Great share, Krishna!


It's interesting to consider the motivations behind cyberattacks beyond financial gain. Perhaps the desire for intellectual property, disruption of business operations, or even nation-state sponsored attacks play a larger role than we think. What are your thoughts on the role of non-monetary drivers in cyberattacks?

