There is a right way and a wrong way for an organization to handle a data breach. Unfortunately, they are sometimes the SAME way.
The consensus in crisis management is that it is always best to get in front of a bad news story by getting it out quickly so you can frame the story in your own terms and, hopefully, get it behind you sooner. In the recent Target data breach, the department store has been praised for its public acknowledgement of the breach, while also being criticized for being vague about the causes and minimizing potential consequences to consumers.
In 2011, VeriSign was widely criticized for failing to disclose a serious data breach that occurred in 2010. It only became public when it was mentioned in an SEC-mandated filing. That’s a heck of a way to treat customers that could be impacted.
On the other hand, a March 2011 study by the Ponemon Institute concluded that companies often disclose a data breach too quickly, before the causes and scope of the breach are understood. This can result in unnecessarily upsetting customers and others who were not actually impacted.
Interestingly, this study was sponsored by Symantec, which happened to purchase from VeriSign the SSL Certificate business that may have been a victim of the 2010 breach. Because of this, Symantec and its SSL business lost a significant amount of credibility. SSL Certificates are used to ensure you can trust a web site you are visiting. If you can’t trust the Certificate Authority that issues the certificates, what good are they?
A critical factor in determining how quickly you go public with a data breach is the significance of the data being breached. In today’s digital world, Personally Identifiable Information (PII) can be used by criminals and those with malicious intent to cause serious fraud and harm. It doesn’t have to be a Social Security or credit card number to cause a person grief. If there is enough information to individually identify a person in a particular context, such as the owner of an SSL Certificate, serious harm can be done.
There definitely needs to be a middle ground between rushing the bad news out prematurely and doing absolutely nothing as VeriSign did. The key is to act quickly on a forensic investigation and to take appropriate action promptly once the facts are in hand.
Unfortunately, in our highly litigious society, a firm may feel compelled to bring in the lawyers before it brings in a forensic technology expert. As anyone who has watched an episode of the old show “The Practice” knows, the first thing a good defense lawyer tells the accused is to shut up. That can be good advice when being prosecuted, but is a very bad business practice when dealing with customers and the public.
On the other hand, the legal landscape in this area is murky. Many states have passed laws regarding protecting personal information, some in general and some for specific industries such as health care security and credit reporting. The “Data Accountability and Trust Act” has been stuck in Congress for several years. If ever passed, it could require notification of those affected by a data breach within 60 days of the incident.
Of course, the best thing to do is to prevent the breach in the first place. A 2012 Verizon report found that most data breaches could have been prevented if the victims had simply implemented firewalls and used antivirus protection. Why take such chances when Comodo provides antivirus protection that guarantees you will never be harmed by a virus?