
Users want data leakers hit by fines and compensation claims

The channel should be at the forefront of efforts to encourage users to get on top of data breaches, as users express frustration with the current situation.

The first time most people realise they have been the victim of a data breach is when they read about it online or get an email from the company concerned apologising.

The number of breaches continues to stack up, and Ashley Madison members, Sony PlayStation Network gamers, Dixons Carphone customers and others have all experienced the fallout, with warnings over potential scams that might result from their personal details being leaked.

The channel has used the examples of data breaches to try to encourage firms to invest in security as well as to tighten up their policies around handling and protecting information. Each fresh breach has provided headlines and more ammunition for those pitching the need for action.

Most of the time, however, the customer viewpoint is not canvassed, presumably because the assumption is they are all generally feeling cheesed off about things.

That conclusion would be right, but it perhaps goes further than that: many users caught up in a breach want more to be done to punish those businesses that do get caught out by the cyber gangs. That ill feeling towards firms that fail to protect data could well be an extra element for those weighing up the risks and the damage to brand.

The conclusions of a survey conducted by prevention and detection player Bit9 + Carbon Black indicate that not only are users extremely disgruntled at becoming the victim of a breach, but large numbers feel they should be compensated for the attack.

There is also an appetite from the public for fines to be handed out to organisations that have suffered a breach, and a small number of respondents suggested that those responsible for handling security at an organisation could be held personally responsible.

The idea of fines, including the potential for some very large ones, is something that the EU is also going to tinker with as part of the data protection law changes that could be given the green light.

Roy Pickard, channel manager, EMEA, Bit9 + Carbon Black, said the findings of its survey quizzing users provided real food for thought and should spur more conversations with the channel.

“These findings are a real eye-opener to the mounting pressure and public scrutiny that businesses are under, and provide a huge incentive for customers to consult their channel partners about the best ways to limit their risk. The simple truth is that with the Advanced Persistent Threats that now exist, it’s a question of when, not if, a data breach will occur,” he said.

"The public seems to have accepted this, but what’s really got them riled is the amount of time it takes for businesses to realise that they’ve been breached. As such, resellers should be helping their customers to close the gap between breach and detection so that they can find out exactly what happened and which customer data was stolen much sooner," he added.

The channel could be encouraging users to adopt various security tools, including multi-layered defences, as well as helping to develop a holistic solution for their customers.

"Resellers should also explain the need for always on, continuous monitoring and recording on each and every endpoint device on the enterprise network," he concluded.

It might sound straightforward, but most firms continue to be poor communicators about security threats, both externally with users and internally with their own staff.

Centrify has found that in most firms it is easier to hear about some free food being left in a conference room, or a staff birthday, than it is to get information about the latest threats.

“Given the very high profile of data security breaches today, it is surprising that organisations are apparently not taking every opportunity possible to raise the profile of security internally and improve security protocols,” said Barry Scott, CTO EMEA at Centrify.

“Regardless of the source, companies should be making every effort to educate users and raise awareness of potential threats and to improve their security training and posture,” he added.
