Blog — Apr 18, 2018

Greater risk to the business: the customer or the auditor?

In my first day of sessions at RSA Conference 2018, I noticed a recurring theme: associated risk mitigation from protecting the business vs. protecting the consumer. While no organization would publicly state that their primary focus of cybersecurity is to protect shareholder value vs. consumer well-being, the unfortunate truth is that for most organizations, the bottom line is really what drives cybersecurity investments.

My knee-jerk reaction, when seeing a couple of presentations on this topic, was that it had to be wrong. How could protecting the bottom line and protecting the consumer not be the same? How could lack of consumer protection not present the greatest risk to the organization’s bottom line? If customers are unhappy or lose confidence in an organization, wouldn’t client churn inevitably lead to destruction of the bottom line?

Am I loyal to a fault?

While that seemed to be the logical association, I thought to myself, how many times has my information – in any form – been breached (that I know about, that is)? Between Panera, MyFitnessPal and Equifax alone, I realized that almost every piece of information that digitally identifies me has been compromised to some extent, including my financial data.

I then thought about friends and family. Between healthcare organizations, retail and social media breaches, essentially every person I know has been a victim multiple times over. The real question is, did any of us delete our accounts, campaign against the organizations or stop doing business with any of them? Unfortunately, no. Equifax still has my data, I still eat at Panera, I still track things in MyFitnessPal, and friends and family would all say the same with respect to the organizations that breached their data.

The unfortunate reality is that breaches of personal, financial or social data seem to have become so commonplace in today’s digital world. The common consumer has a short reaction cycle; it essentially manifests in irritation, concern, hope and ultimately, little to no action or sometimes with more digitally conscious consumers implementing credit monitoring (sometimes paid for by the breached organization), freezing credit, changing passwords, watching bank accounts closely, etc. Yes, the consumer may be sent a new credit card, spend a couple minutes changing passwords, or an hour or two implementing credit monitoring or credit locks, but that’s about it. It’s typically not life-disrupting for most. It’s simply an inconvenience.

Business as usual after a breach

If you look at the stock prices of publicly traded companies that have been breached, there is typically a knee-jerk reaction from the time of the press release. Stock price has a short-term dip, the breach stays in the news for a couple of days or weeks until the next big breach hits, and things return to normal. Consumers don’t leave in mass exodus for competitors or riot in the streets asking for the jobs of those responsible.

If this is the case, then what is meant by protection of the business? Obviously, there is protection of intellectual property and disruption of production, but nothing affects the bottom line more than a client discontinuing business, right?

Enter the auditor

In the eyes of a Board, the possibility of an attack is theoretical. In a sense, hackers may attack or they may not, but an auditor will always show up, and the repercussions for non-compliance can far outweigh the consequences that we’ve seen from recent consumer reactions. For the Board, regulations and the resulting consequences make their way into governance, and the short-term and long-term penalties can have far-reaching, business-disruptive possibilities.

With regulations getting tighter and tighter and penalties getting bigger, the long-term risk presented by a breach is not by the consumer, but by regulators tasked with protecting those who may not know how to protect themselves. In essence, regulators are becoming the judge, jury and executioner for the people.

When examining this further, I started to list the short-term and long-term consequences of a breach and how many were associated with what an auditor could potentially influence:

Short term:

Long term:

While this list only represents some of the consequences that an auditor could influence or directly levy, the risk to the business is real and likely farther reaching than what today’s consumers present.

In conclusion, while I still think protecting the consumer protects the business, I think there has been a shift from a consequential standpoint: from the consumer who has the power and motivation to penalize, to the auditor who represents the consumer by holding businesses accountable, and ultimately affecting the bottom line.

We can help

At eSentire, we protect clients from cyber threats that could potentially end their business. Our 24x7 Security Operations Centers (SOC) are staffed by elite security analysts who hunt, investigate and respond to known and unknown threats in real time. Beyond detection and response, our clients also benefit from expert advice on how to address risks and known gaps and build a comprehensive cybersecurity program that meets even the strictest regulatory requirements.

Learn more about what we do.

Wes Hutcherson, Director of Product Marketing

As eSentire's Director of Product Marketing, Wes oversees market intelligence, competitive research and go-to-market strategies. His multifaceted technology experience spans over a decade with market leaders such as Hewlett-Packard and Dell SecureWorks.