Consequences are increasing for companies that don’t take cybersecurity seriously.
You might be thinking, “haven’t there always been repercussions for companies that are lax with their cybersecurity?” There have indeed always been, but they fell mostly on the company, not on the individual people responsible.
That’s the difference with the new stance the Federal Trade Commission (FTC) is taking. From now on, it will be the individuals, as well as the company, that pay the price for lax cybersecurity practices.
As we mentioned in a previous blog post, Uber’s former CSO, Joseph Sullivan, has come under intense investigation (and is facing jail time) for covering up a data breach.
But Sullivan is not alone.
The FTC just penalized the alcohol delivery service Drizly and its CEO, James Corey Rellas, for allowing a data breach that compromised the personal information of 2.5 million people.
In the FTC’s official complaint, they write:
“Drizly failed to use appropriate information security practices to protect consumers’ personal information.
These failures allowed a malicious actor to access Drizly’s consumer database and steal information relating to 2.5 million consumers, as described in greater detail below.
Rellas is responsible for this failure, as he did not implement, or properly delegate the responsibility to implement, reasonable information security practices. Indeed, as CEO of Drizly prior to and during the breach, Rellas hired senior executives dedicated to finance, legal, marketing, retail, human resources, product, and analytics, but failed to hire a senior executive responsible for the security of consumers’ personal information collected and maintained by Drizly.”
The FTC holds Rellas personally responsible. This will follow him for the rest of his life. Any company that hires him going forward will have to undergo intense security audits before hiring him and, if they are a start-up, when they decide to go public.
This is the kind of severe scrutiny executives can expect going forward. Anything less than a hypervigilant attitude toward cybersecurity will be an albatross around your neck for the rest of your career.
Many people only realize the risks of poor cybersecurity once it’s too late. People think that cybersecurity is too complicated, or they think they need a larger team/budget.
Coro is specifically designed for growing companies with lean IT teams. Our product is affordable and uses sophisticated AI to do the majority of the work for you. With Coro, the most you ever have to do is just a single click. What’s more, our unified platform covers email, data, cloud, apps, endpoints/devices, and even users. With one platform for all of your domains, you eliminate the risk of blind spots that hackers can take advantage of.
Want to learn more about what makes our award-winning platform so unique?