I recently spoke about the FTC’s lawsuit against Chegg, a major education tech firm, in one of the weekly tech tips interviews I provide our local TV news station. In this lawsuit, one of the first of its kind, the FTC is accusing Chegg of willfully neglecting their cybersecurity responsibilities, resulting in 4 significant breaches of Chegg-related data and systems in the last 3 years. This situation reentered my consciousness this week after the FS-ISAC included an article link in one of their recent weekly bulletins discussing this same situation. This topic deserves a little bit more conversation.
For far too long, organizations have been playing with fire when it comes to the safety and security of their data, both internal and customer-related. Far too many businesses play the game of security by obscurity or sleep well at night assuming their organization is too small to be attacked. Others know there are legitimate threats facing their IT infrastructure and still choose to roll the dice with the misplaced comfort that cyber insurance will soften the blow to their bottom line in the event of a breach. Still others suffer through a significant compromise, but then fail to plug the holes in their infrastructure or add the necessary layers of defense to keep their organization’s IT resources safe in the future. The question we have to ask is “Why?”
Is it all about cost? Is it arrogance? Is it apathy? Is it a lack of knowledge and understanding? For most organizations, the answer is probably yes to several of these questions. We cannot stop shining the spotlight on these situations. We need to encourage good cyber hygiene, and if that fails, we need to add a good dose of guilt and constructive criticism. Because at the end of the day, it very well could be our data breached in the next attack or our money lost due to the failure of another organization. We are all truly in this together!
The following is a link to the WCYB tech tip article: