Sadly, data breaches have become a fact of life in our interconnected world. The most recent data breach hit close to home when Casino Rama, a popular gaming resort about 2 hours north of Toronto near Orillia, contacted the IPC about a data breach on Nov 4, 2016. The casino said customer credit inquiries and collection and debt information were stolen, along with employee information, including payroll data, social insurance numbers and dates of birth. Over 5GB of data containing over 14,000 documents, including diagrams of the casino’s computer network and infrastructure, has been posted on a popular torrent website. In addition to the potentially embarrassing information being revealed about gamblers and ex-employees, the other negative impacts include lost customers and a pending $50 million lawsuit. Financial costs of data breaches are also extensive.
The costs of data breaches were outlined in a recent IBM-sponsored study by the Ponemon Institute in June of 2016 (http://www-03.ibm.com/security/data-breach/), and the results are not pretty. The average cost of a data breach in Canada is $6.03 million, with $278 as the average cost per stolen record and the cost of lost business averaging about $2.24 million. Of these breaches, 54% were caused by malicious or criminal attacks, 21% by system glitches and 25% by human error. The good news is that a similar study by the same institute, also sponsored by IBM, indicates that having a Business Continuity Management (BCM) process in place reduces the per capita costs of a data breach by 11%, reduces the mean time to identify and contain a breach by 23% and 41% respectively, and reduces the likelihood of a recurring incident over the next 2 years by 29%.
This is why BCM or DR is important. Having a Business Continuity Management or DR process in place means your company is already well positioned to handle a disaster or a data breach and thus reduce the time required to recover when one does occur. You have put in place processes and people to react quickly and methodically to security or IT breaches, and through constant and regular testing, you are aware of things that don’t seem right, thus reducing the likelihood of a future breach. Since BCM involvement in security operations does limit the damage and mitigate the costs of a data breach, it is important to ensure that there is cross representation between security and BCM teams, and some companies are starting to hire CISOs (Chief Information Security Officers) to bridge the gap between the teams.
If you are just starting to look at BCM or DR, Mid-Range can help, and if security is your top concern, combine your BCM project with a free Security scan of your IBM i servers by visiting us at http://www.midrangehub.com/ibm-i-security/.