For 3 years between 2011 and 2014, something nasty was happening on Morgan Stanley's network, but the firm had no idea. Then, from December 2014 through February of the next year, 730,000 customer accounts were leaked online.
Was this a highly sophisticated attack? No. Was this the result of a foreign government trying to steal valuable data? No again. The cause was a disgruntled employee, who decided to slowly siphon data off the computer systems and take it home.
Is this breach then the employee's fault? Yes, as he was sentenced to 3 years of probation. But more importantly, is this Morgan Stanley's fault? The SEC thinks so. Morgan Stanley is being slapped with $1 million in fines for failing to protect client data. This is completely a result of Morgan Stanley lacking the visibility to see what was actually going on within their own walls.
This may be news, but similar breaches happen all the time, almost always due to a lack of visibility into what is actually going on. Not only did Morgan Stanley lose client information, but their stock was impacted, they were slapped with fines, and, most importantly, they lost a little bit of trust.
Good security is not just about stopping the bad guys; it's about assuring your clients that they can trust you. It's about genuinely caring for your business. It's about doing things the right way and not being sloppy. This is what we refer to as operational excellence. Cybersecurity ensures operational excellence in addition to identifying how the ever-changing threat landscape can impact business.