Warehousing Worries and More on the Citrix Breach
A constant source of surprise for many C-level exec's who use our free cyber security assessment service (you can sign up here) is when they realize that just because they use a third-party to warehouse data, that doesn't relieve them of risk (liability) exposure.
Case in point this week is the massive data breach involving Citycomp- a firm many Americans will not be aware of because it's a German IT infrastructure provider. But, a lot of top-notch corporations (including Airbus, Porsche, Toshiba and Volkswagen to name a few) do use their services.
Citycompexperienced a breach recently and judging by how their statement began, it was not a huge deal. If we can quote?
"CITYCOMP Service GmbH was the victim of a targeted cyberattack in early April 2019. A still unknown perpetrator has stolen customer data of CITYCOMP and threatened the company with publication, should it not comply with the blackmail attempt. CITYCOMP with the help and support of external experts and the State Criminal Police Office of Baden-Württemberg successfully fended off the attack and implemented supplementary security measures of all systems. The incident analysis of Deutor Cyber Security Solutions GmbH, G DATA Advanced Analytics GmbH and the Federal State Police Baden-Württemberg showed that at no point any indication for a risk of further infection of customer and partner systems, but for security reasons some of the systems have nevertheless been disconnected. "As we dug into the story a bit more (being statistical addicts - a useful thing in the insurance arena!) it turns out the size of the breach was a staggering 516 GB of data according to Motherboardand other sources.
While we strategize on our client's behalf, we view this magnitude of breach as a huge warning sign to middle tier companies. They SHOULD be totally awedby the size of the financial risk.
Let's assume that the records involved in this size of breach ran 1K of data each.
We pencil out numbers like 516-million records. And when you apply a cost-per-per record breached in the $100 range (admittedly, low-balling this), it begins to look like the Citycompbreach may have $5 to $6-billion dollar breach cost potential.
Wild guess on our part here, but how many companies have that kind of free cash on the balance sheet?
Meantime, we're also getting dribs and drabs about the recent Citrix breach. The Kate O'Flaherty coverage in Forbeshas been very good. Forbesis doing a great thing, getting ahead of the pack with a cybersecurity reporter.
No doubt, we will have more to report next week since - like resource depletion - the hacking never stops.