MSSPs may want to offer services designed to address small vulnerabilities to prevent big problems for clients.
February 27, 2020
Canada’s privacy commissioner’s office says systemic underreporting of data loss in federal agencies likely means more citizens and businesses are at risk than previously calculated.
Specifically, the House of Commons says federal departments and agencies have failed to protect 144,000 Canadians’ personal information over the past two years. Further, not everyone affected was informed. The underreporting of incidents is largely associated with small breaches.
“Most reports on data breaches only cover incidents that reach a threshold of people affected, which only allows us to see big breaches of, say, five hundred records or more,” said Paul Bischoff, privacy advocate with Comparitech. “The CBC’s report is interesting because it shows just how often smaller data incidents occur. Eight thousand incidents in two years is more than 10 breaches per day!”
Small breaches can seem of little consequence at first because they appear to affect only a few people.
“The report is a good example of how most data breaches are caused by human error and not by hackers overcoming cybersecurity measures. Even the most well-equipped organizations can do little to stop employees from accidentally emailing the wrong person,” said Bischoff.
But as the House of Commons’ new calculations proved, small breaches add up to big consequences. In this case, 144,000 people in all were affected.
Even so, Canada appears to be making strong headway in improving data-breach reporting. In the first year after Canada’s privacy law came into effect on Nov. 1, 2018, the Office of the Privacy Commissioner of Canada received six times as many reports as in the previous year: 680 security breach reports from November 2018 to November 2019.
Those reported breaches, however, were larger and due to problems commonly encountered in other countries.
“With Canadian companies now compelled to report data breaches, the number of breaches and personal information exposed is still alarming and underscores the reality: Relying on credentials is outdated,” said Lisa Baergen, VP of marketing at NuData Security, a Mastercard Company, last November when the uptick in reports first surfaced.
“Most static data like name, birthday, social security numbers and more are on the dark web for sale making such things as passwords and other credentials ineffective for truly identifying friend from foe,” Baergen added.
Because the small breaches affected so few people and were often attributable to human error, not everyone affected was notified and not every offender was aware of the offense at the time.
In the U.S., data breach notification laws vary by state. This creates a quagmire for breached companies to wade through and increases the potential for error and other compliance failures.
Given so many potential reporting gaps, especially in terms of smaller data breaches and leaks, MSSPs might want to consider offering audits and other services specifically designed to find and address these smaller vulnerabilities before they create big problems for their clients. It could very well be another important and lucrative revenue stream too.
A prolific writer and analyst, Pam Baker’s published work appears in many leading print and online publications including Security Boulevard, PCMag, Institutional Investor magazine, CIO, TechTarget, Linux.com and InformationWeek, as well as many others. Her latest book is “Data Divination: Big Data Strategies.” She’s also a popular speaker at technology conferences as well as specialty conferences such as the Excellence in Journalism events and a medical research and healthcare event at the NY Academy of Sciences.