World-renowned cybersecurity expert William Saito recently weighed in on the massive hack of credit reporting company Experian. Writing on his blog, he discusses the sheer scale of the attack, which compromised the data of over 143 million people and resulted in many lawsuits.
His advice for companies that experience such data breaches is to be careful not to blame the victim. He says that when a breach like this happens, many companies start rushing for a scapegoat. This kind of mentality will discourage lower-level employees from coming forward and reporting problems quickly, as they do not want to be blamed. Mr. William Saito talks about the importance of maintaining an environment where someone can report a data breach without fearing for their job.
He further argues that an employee's failure to quickly report something suspicious can be devastating to security, because catching a breach early is so important. Cyberattacks usually happen in stages. First, attackers monitor the target system in whatever way they can. This is how they find a vulnerability that they can exploit in order to gain entry. Much like a burglar casing a house, they can often be caught before they actually take anything of value.
I must say I agree with Mr. Saito on the importance of maintaining an open system of communication which refrains from blaming the messenger for these kinds of events. When I think about the Uber hack a few years ago, I recall that employees hid the breach from the public for a long time. This made the information that much more damaging when it did finally come out.
William Saito is a Japanese-American computer security expert with a list of highly impressive credentials. Perhaps the most notable of these is the fact that he started his first computer security business venture while attending junior high school. This venture, called I/O Software, developed a fingerprint recognition system that was bought and used by Sony. They also designed a system that displays Japanese characters when using software written in English. This software company was later sold to Microsoft in 2004.
After this, he moved to Japan and began to establish himself there as a venture capitalist. In the aftermath of the Fukushima disaster, he was hired by the Japanese government to oversee IT and technical support for the committee investigating the disaster. This led to a number of other government positions in the area of cybersecurity. He served as a top advisor on cybersecurity to Japanese Prime Minister Shinzo Abe, and served formally in the same regard for the cabinet office. He held that position from 2013 to 2017, as well as serving in an advising role for several other government committees.