Assume breach position does not mean firms get to skip due diligence in cybersecurity


Recognising that security breaches are “not a matter of if, but when” does not mean businesses get to be cut some slack in the event of an incident, especially when they are unable to show due diligence in safeguarding their customers’ data.

Telcos, in particular, made for bigger targets due to their access to large consumer databases and communications infrastructure, Joanne Wong, LogRhythm’s vice president for international markets, said in a note on MyRepublic’s breach.

“As a digital-first nation, we need to get better at fending against these threats,” Wong said. “We know from experience that there can be far-reaching implications of a single weak link and cannot sit still, and watch the same incidents happen time and time again. Organisations, especially in these essential sectors — need to be proactive and have oversight across their entire digital supply chain, including any third-party vendors. Only when there is constant monitoring and surveillance, can they effectively identify and remediate threats with speed.”