Customers and end-users are having the wool pulled over their eyes by organisations that
fail to report data breaches, according to Simon Bain, CTO of document management firm
The EU information security agency Enisa recently called for businesses and governments to be more transparent when they suffer data breaches.
The agency said in a report: "Lack of transparency and lack of information about incidents makes it difficult for policy makers to understand the overall effect, the root causes and possible interdependencies.
“It also complicates the efforts in the industry to understand and address
cyber security incidents. And finally, it leaves customers in the dark about
the frequency and impact of cyber incidents.”
Enisa is correct in its assessment of the problem, said Bain, accusing firms of becoming too arrogant to admit when they are in the wrong.
“In their eyes as long as the product works, the customer doesn’t need to know about the dirty little secrets which go on behind the scenes – firms are simply happy to pretend everything in the garden is rosy when vast amounts of evidence is available to proves otherwise.
“By taking this approach these companies are in fact doing their customers a major disservice. Organisations that hold information about us, do so on the basis of trust, and when that is broken, damage is done,” said Bain.
Businesses need to sit up and take notice of data breaches and stop relying on firewalls and token-based authentication tools, which offer scant protection from hackers, he said.
Hackers are more highly-skilled than ever, with breaches becoming more complex, and Bain believes transparency is essential to meet these challenges head-on.
By acknowledging and sharing information, organisations will be able to gain better understanding of malicious attacks and evaluate what can be done to ensure the safety of customer data, he said.
“Those that don’t are not only risking their customers’ livelihood, they are risking their own as well,” said Bain.