Few would disagree that cyberattacks are increasing in frequency and in intensity, and most organisations confirm they have now suffered at least one cyber incident.
Take, for example, the recent incident involving Equifax, one of three major credit reporting agencies. The company revealed that highly sensitive personal and financial information for around 143 million consumers was compromised in a cybersecurity breach that began in late spring. The vulnerability that attackers exploited to access Equifax’s system was in the open source Apache Struts web-application software, a widely used open source platform.
Could this risk have been avoided?
Open Source Apache Struts platforms this risk would have been mitigated, and saved Equifax millions of dollars. Let’s now focus on the impact a breach like this can have on organisations.
What’s the Impact?
- Reputational damage – Loss of customer and stakeholder trust can be the most harmful impact of cybercrime, since companies may not do business with a company that has been breached, especially if it failed to protect its customers’ data. This can translate directly into a loss of business.
- Theft – Loss of intellectual property means losing years of effort and investment in copyrighted material, and the competitive advantage that comes with it.
- Financial losses – The financial impact of a breach may run into the millions.
- Fines – There is the prospect of monetary penalties for businesses that fail to comply with data protection legislation, including the GDPR legislation, which will come into effect in May 2018.
- Below-the-surface costs – In addition to the economic costs of incident response, there is also the impact of operational disruption.
What is SCC’s Solution?
SCC has developed a solution to help manage the use of open source software through education, policy and process governance, and technology-based services to understand, mitigate and remediate risks.