Most people have heard the fairy tale of The Boy Who Cried Wolf from Aesop’s Fables, in which a young shepherd repeatedly cries wolf to trick nearby villagers into thinking a wolf is attacking his flock. Of course, when a wolf does actually attack his flock, his cries for help go unheeded.
Thinking about this fairy tale got me thinking about data breaches. With every new data breach, we get a lot of hype online and in the trade press about how many million pieces of personally identifiable information (PII) have been stolen, or about the potential financial loss for the organisation(s) involved.
While these are no doubt salient pieces of information, if we are continually bombarded with this type of information, isn’t there a risk of malaise? This could have an effect similar to that of crying wolf too many times: no one takes any notice of the latest data breach, and the real dangers regarding risks, threats and vulnerabilities are left unaddressed.
I think there is a real danger here. We see it in many forms of human behaviour where repetition breeds familiarity. If we see a similar message with each data breach, it dulls the message each time it is used.
But what can we do to address this?
The idea here is to stop the sheep being eaten by the wolf, or – in the case of data breaches – to prevent someone from hacking your systems and stealing data. Taking a balanced approach to addressing information security is the best way, using an approach such as ISO 27001.
Using ISO 27001 not only lets you address the human (behavioural) aspects of information security, but also the technical aspects. It allows you to implement an information security management system (ISMS) that helps you to address risks, threats and vulnerabilities in a methodical and proportionate way.
ISO 27001 helps organisations cut through the hype of data breaches (and shepherds crying wolf) and implement information security controls that are fit for purpose and not for the headlines.