Officials in the Maricopa County Community College District (MCCCD), located in Arizona have serious dilemma on their hands. They are one of the more recent victims of a data breach, one that has the potential to affect nearly 2.5 million people. Ouch!
For the complete story, http://bit.ly/1gBHxkB.
I feel for everyone in this situation, with the exception of the criminals. Citizens really do wish to trust government entities with the personally identifiable information they share and government, I know, really does take the protection of this information seriously. Sad but true, government is a target rich environment for cyber criminals. The vast amount of personal information stored in databases, documents and systems can be a treasure trove for the unscrupulous.
However, it is far too often the case these days that the criminals want the information more desperately than many believe. Even with all the news, there are not enough people in government (yet) that fully comprehend the current level of sophistication of cyber criminals, nor the scope of the threat. ALL of government has become viable as targets, even small agencies and jurisdictions.
For officials in cash strapped jurisdictions, agencies and departments, especially those who've never faced a true data breach, it can be incredibly hard to get their head around all this, to fully appreciate the threats and to make the commitment to spend money on a modern cyber defense, money that is intended for other pressing needs. I appreciate money is tight, but, as the folks at MCCCD learned, you can decide for yourself to proactively spend to defend now, or you can allow a cyber-criminal to force you to reactively spend to clean up a breach PLUS defend later. Either way, spending on an active cyber defense is no longer optional or a nice to have. When faced with absolutely no other choice, the district’s governing board was able to free up $7M dollars just for the cleanup program alone. This is on top of whatever funding they decide to allocate to defend from future breaches.
So, stating the obvious, data breaches are costly in term of money, not to mention, the damage done to public trust. And, yes, a modern cyber defense is expensive, but, not nearly as expensive as adding in the cost of a clean up after the fact. Do you still believe this problem can be kicked down the road or that it will never happen to your agency?