What We Do
How we do it
Resources
TRU INTELLIGENCE CENTER
Our Threat Response Unit (TRU) publishes security advisories, blogs, reports, industry publications and webinars based on its original research and the insights driven through proactive threat hunts.
View Threat Intelligence Resources →
SECURITY ADVISORIES
Aug 17, 2022
Increase in Observations of Socgholish Malware
THE THREAT Starting in early August 2022 and continuing through the month, eSentire identified a significant increase in Socgholish (aka. FakeUpdates) malware incidents. Socgholish is a loader type…
Read More
View all Advisories →
Company
ABOUT ESENTIRE
About Us
eSentire is The Authority in Managed Detection and Response Services, protecting the critical data and applications of 1500+ organizations in 80+ countries from known and unknown cyber threats. Founded in 2001, the company’s mission is to hunt, investigate and stop cyber threats before they become business disrupting events.
Read about how we got here
Leadership Work at eSentire
LATEST PRESS RELEASE
Sep 20, 2022
eSentire Recognized as Top Global MDR Provider by MSSP Alert, CrowdStrike and G2
Waterloo, ON - September 21, 2022 – eSentire, Inc., the Authority in Managed Detection and Response (MDR), celebrated multiple industry recognitions as the leading global MDR provider, over the last week: Named #9, and the top pure play MDR provider on MSSP Alert’s Top 250 MSSPs global rankingRecognized as the CrowdStrike 2022 Global MSSP Partner of the Year Earned G2’s industry-renowned status…
Read More
Partners
PARTNER PROGRAM
e3 Ecosystem
We provide sophisticated cybersecurity solutions for Managed Security Service Providers (MSSPs), Managed Service Providers (MSPs), and Value-Added Resellers (VARs). Find out why you should partner with eSentire, the Authority in Managed Detection and Response, today.
Learn more
ECOSYSTEM PARTNER RESOURCES
Apply to become an e3 ecosystem partner with eSentire, the Authority in Managed Detection and Response.
Login to the Partner Portal for resources and content for current partners.
Search
Resources
Blog — Apr 18, 2018

Greater risk to the business: the customer or the auditor?

4 minutes read
Speak With A Security Expert Now

In my first day of sessions at RSA Conference 2018, I noticed a recurring theme: associated risk mitigation from protecting the business vs. protecting the consumer. While no organization would publicly state that their primary focus of cybersecurity is to protect shareholder value vs. consumer well-being, the unfortunate truth is that for most organizations, the bottom line is really what drives cybersecurity investments.

My knee-jerk reaction, when seeing a couple of presentations on this topic, was that it had to be wrong. How could protecting the bottom line and protecting the consumer not be the same? How could lack of consumer protection not present the greatest risk to the organization’s bottom line? If customers are unhappy or lose confidence in an organization, wouldn’t client churn inevitably lead to destruction of the bottom line?

Am I loyal to a fault?

While that seemed to be the logical association, I thought to myself, how many times has my information – in any form – been breached (that I know about, that is)? Between Panera, MyFitnessPal and Equifax alone, I realized that almost every piece of information that digitally identifies me has been compromised to some extent, including my financial data.

I, then, thought about friends and family. Between healthcare organizations, retail and social media breaches, essentially every person I know has been a victim multiple times over. The real question is, did any of us delete our accounts, campaign against the organizations or stop doing business with any of them? Unfortunately, no. Equifax still has may data, I still eat at Panera, I still track things in MyFitnessPal, and friends and family would all say the same with respect to the organizations that breached their data.

The unfortunate reality is that breaches of personal, financial or social data seems to have become so commonplace in today’s digital world. The common consumer has a short reaction cycle; it essentially manifests in irritation, concern, hope and ultimately, little to no action or sometimes with more digitally conscience consumers implementing credit monitoring (sometimes paid for by the breached organization), freezing credit, changing passwords, watching bank accounts closely, etc. Yes, the consumer may be sent a new credit card, spend a couple minutes changing passwords, or an hour or two implementing credit monitoring or credit locks, but that’s about it. It’s typically not life-disrupting for most. It’s simply an inconvenience.

Business as usual after a breach

If you look at the stock prices of publicly traded companies that have been breached, there is typically a knee-jerk reaction from the time of the press release. Stock price has a short-term dip, the breach stays in the news for a couple of days or weeks until the next big breach hits, and things return to normal. Consumers don’t leave in mass exodus for competitors or riot in the streets asking for the jobs of those responsible.

If this is the case, then what is meant by protection of the business? Obviously, there is protection of intellectual property and disruption of production, but nothing affects the bottom line more than a client discontinuing business, right?

Enter the auditor

In the eyes of a Board, the possibility of an attack is theoretical. In a sense, hackers may attack or they may not, but an auditor will always show up, and the repercussions for non-compliance can far outweigh the consequences that we’ve seen from recent consumer reactions. For the Board, regulations and the resulting consequences make their way into governance and the short-term and long-term penalties can have far reaching business disruptive possibilities.

With regulations getting tighter and tighter and penalties getting bigger, the long-term risk presented by a breach is not by the consumer, but by regulators tasked with protecting those who may not know how to protect themselves. In essence, regulators are becoming the judge, jury and executioner for the people.

When examining this further, I started to list the short-term and long-term consequences of a breach and how many were associated with what an auditor could potentially influence:

Short term:

Long term:

While this list only represents some of the consequences that an auditor could influence or directly levy, the risk to the business is real and likely farther reaching than what today’s consumers present.

In conclusion, while I still think protecting the consumer protects the business, I think there has been a shift from a consequential standpoint: from the consumer who has the power and motivation to penalize, to the auditor who represents the consumer by holding businesses accountable, and ultimately affecting the bottom line.

We can help

At eSentire, we protect clients from cyber threats that could potentially end their business. Our 24x7 Security Operations Centers (SOC) are staffed by elite security analysts who hunt, investigate and respond to known and unknown threats in real time. Beyond detection and response, our clients also benefit from expert advice on how to address risks and known gaps and build a comprehensive cybersecurity program that meets even the strictest regulatory requirements.

Learn more about what we do.

Join 100,000+ Security Leaders

Get notified of the latest news, intel and helpful tools & assets. You can unsubscribe anytime.

By clicking the button below I confirm that I have read and agree to the eSentire privacy policy.

View Most Recent Blogs
Wes Hutcherson
Wes Hutcherson Director of Product Marketing
As eSentire's Director of Product Marketing, Wes oversees market intelligence, competitive research and go-to-market strategies. His mult-faceted, technology experience spans over a decade with market leaders such as Hewlett-Packard and Dell SecureWorks.