How data breach nearly cost Lotteries operator its license to trade

Gidani (licensed operator of the South Africa national lottery) recently came perilously close to losing its R400 million a year contract due to a massive data breach.

The reason for this near-miss was its failure to secure its business critical data (a requirement of their contract with the National Lotteries Board) – with two independent audits questioning existing measures to protect confidential data.

The much publicized data breach that led to fraudulent activity at Gidani, of course, played a crucial part in highlighting the failings of the technology and processes in place at the operator.

According to local news reports “the board initially considered revoking Gidani’s licence altogether . . . but it had since decided to fine the company instead.”

That a case of poor data security nearly put Gidani out of business is by no means an isolated incident. History is littered with companies that suffered severe loss of business and damage to market reputation through data breaches of confidential information – just ask SONY.

Make.Believe?

The Ponemon Institute estimates that last year’s data breach at SONY will cost the company an absolute minimum of $5.6 billion – with the majority of cost attributed to “expense outlays for detection, escalation, notification, and after-the-fact (ex-post) response” as well as the “economic impact of lost or diminished customer trust and confidence as measured by customer turnover, or churn, rates.”

$5.6 billion, R400 million a year – whatever the monetary value that is associated with data security breaches, it pales in comparison to the direct impact a failure to protect data can have on company board members in their personal capacity.

Board liable

Company secrets, resources and knowledge bases have become exceptionally valuable – and the loss of this sensitive information can lead to massive reputational damage, hefty financial penalties or even incarceration. Often companies think a data breach won’t happen to them as they fail to understand the risks and threats involved.

While South Africa struggles towards aligning its data protection legislation with that of the rest of the world and, particularly, the UK and the USA, with Acts such as the Protection of Personal Information Bill (PPI) – the effective protection of information has become an increasingly topical issue for the South African population.

This incident further increases the public’s concern around the Intelligence Minister’s information being ineffectively protected, and now, compromised – as South Africans gain greater insight into how vital protecting data really is.

Data Loss: The Bigger Picture

With the Protection of Personal Information (PPI) bill (currently being drafted) in South Africa, board members are staring the possibility of being held personally liable in the face, with prison sentences, fines and the like on the cards should companies be found guilty of not taking appropriate steps to safeguard their business critical and confidential information.

The direct cost and personal liability to businesses and individuals alike are sure to make believers out of those skeptical of the importance Governance, Risk and Compliance (GRC) plays in business operations today. However, the consequences of a data breach can be very severe and can cause reputational damage as well as financial penalties.

Ask “The Gov”

Cibecs is well aware of the reluctance within organizations to take decisive action in terms of their GRC status, especially amongst IT professionals who already find their plates filled to capacity.

In order to assist companies in their quest for hassle-free compliance, Cibecs is making the services of its in-house GRC specialist, “The Gov”, available to field any and all GRC-related questions.

“The Gov” is also more than happy to share his in-depth knowledge of procedures relating to the security of mission critical data.

“We encourage companies of all sizes to get in touch with The Gov to ensure their procedures are in line, their data sufficiently protected and their business continuity planning on par with industry best practices,” says Cibecs Marketing Manager, Brandon Faber.

“Questions can be posed to the Gov on the following address: thegov@cibecs.com.”

FEATURED POSTS
IT Managers: How to Protect Your Users Against Ransomware

The best way to protect yourself, your users and your business against ransomware is by setting up a proactive defence. The ransomware statistics paint a frightening picture for anyone in charge of IT: In Q3 2016 alone, 18 million new malware samples were captured. Source: Panda Labs   What that means is that the criminals…

Cibecs Joins Silicon Valley Top 20

Cibecs Joins Silicon Valley Companies to be Listed on Top 20 Most Promising Storage Solution Providers of 2016 Cibecs, a leading South African endpoint backup, protection and security solution, has been recognised as one of the 20 Most Promising Storage Solutions of 2016 by CIO Review. The list, compiled by industry insiders, highlights leading global…

4 Signs You Need a New Endpoint Data Backup Solution

With more workers depending on laptops it is more important than ever to ensure that the work protected and stored on those devices is backed up and protected. Forrester Research says that 45% of corporate executives don’t follow policies for data use and handling. Underlining how at risk almost half of a business’s data actually…

Discover how easy endpoint data protection can be