William Saito is a cybersecurity expert and works for the Japanese government as both the special advisor to the cabinet office and Prime Minister. He says that security breaches like the one experienced by Equifax will happen with more frequency if the global community does not quit playing the blame game with these matters.
The attack on Equifax is said to have exposed the personal information of perhaps as many as 143 Americans and has been the source of a number of lawsuits. The Federal Bureau of Investigations, as well as the Federal Trade Commission, have launched individual investigations and there have been questions from the Senate Oversight Committee.
In other recent attacks, a large accounting firm saw its internal email breached and a United States regulatory body alerted the public that hackers may have gained unfair trade advantages through an attack on their system.
William Saito stresses the importance of not blaming the victim when incidents such as this occur. The tendency to point fingers at others within an organization could be counterproductive as it will often result in breaches being covered up or individuals will attempt to fix the problem alone.
Saito goes on to explain that scapegoating particular individuals within an organization can only lead to the type of information suppression that could devastate efforts at cybersecurity.
William Saito says that in today’s world data many times is more valuable than physical property and because of this a new mindset is needed within companies and organizations. For example, if a random person wandered into a company and does not possess proper security credentials the matter will be addressed immediately. Likewise, there are indicators for potentially suspicious data that should also be addressed with a sense of urgency.
Saito says awareness is key. He explains that cyber breaches are not one time events where offenders hit a company’s system, take information, and run. A serious of security measures must first be navigated and a footprint is left behind at every checkpoint.
The attack lifecycle is used in reference to the steps hackers must take to breach an organizations security. Some of these steps are time-consuming and must be manually executed. This is where William Saito says it is important that a company not only have automated solutions in place but also must create a company culture that will encourage individuals to quickly report any evidence of suspicious activity at any stage of the process.