BreachExchange mailing list archives
The war on data breaches
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 12 Jun 2015 13:03:35 -0600
http://www.information-age.com/technology/security/123459653/war-data-breaches

A recent survey by the Ponemon Institute highlighted that poor communication, a need for more leadership and lack of board oversight are just some of the key reasons why some businesses are now at greater risk of an information data breach. More worryingly, 70% of executives surveyed did not fully understand the risks associated with a data breach.

The survey also found that even when a data breach has occurred within an organisation, 65% of IT practitioners would modify or filter reports about a security incident. It is therefore likely that many CEOs, directors and other corporate leaders are in the dark about the state of their organisations’ breach preparedness.

This statistic highlights the importance of staff working as a team to create the most robust data protection system possible, rather than simply expecting it to be taken care of.

In 2014 alone, this knowledge gap and lack of preparedness resulted in 38 UK organisations incurring average costs of £3.56 million each due to data breaches – with individual costs ranging from £544,964 to £14 million.

With the risks of data breaches on the increase and security growing ever more vital, it is now more important than ever for senior business leaders to work closely with IT functions within a business.

IT professionals have pressure from senior leaders to quickly find and implement a solution to an IT issue. But this traditional, reactive approach won’t work any longer. As the threats faced by businesses become more sophisticated, data protection systems must also improve and be ready for a breach before it occurs.

To achieve this, senior leaders and IT professionals now need to work more collaboratively and transparently together. In doing so, they can devise security solutions that are ‘tailored’ to their business, allowing staff to carry out their job to a high standard whilst minimising the risk associated with a data breach. This will ultimately place a business in a position that better protects its brand, reputation and data.

Whilst implementing solutions that prevent data breaches is critical, research by the Ponemon Institute also suggests that almost 50% of those surveyed were unclear on an incident response plan should a data breach occur. This is an area that needs to be jointly addressed by business leaders and IT practitioners.

For any business looking to implement an information security programme, here are three key pieces of advice:

1. You can’t embark on a project like this alone

If you have no experience of information security management then bring in a consultant - there is no substitute for the knowledge and skills that they can provide. A consultant will not only perform an initial Gap Analysis but can also implement a skills transfer programme to provide staff with essential knowledge moving forward. Alternatively you could recruit a person that has this knowledge to be an ‘in-house’ expert.

2. It’s vital that the entire senior management team understands the purpose of the programme and has the ability to input

Without their buy-in, the programme will never be 100% effective. Similarly, if staff do not adhere to policies and procedures that are implemented, data could still be at risk.

3. You need an individual who is going to drive this initiative through the organisation

Depending on the size of your business, this could be a full or part time role – but one person has to be on hand to continually update documentation and ensure people are engaged with the programme. Staff ‘buy-in’ is essential to making the programme a success and this buy-in will come from knowledge and understanding of why the new initiatives are necessary.

IT functions will continue to face an increasing number of challenges in the coming years. The lines between IT and other functions in an organisation are now becoming increasingly blurred. It is therefore of paramount importance that all involved proactively collaborate and co-create, resulting in the very best system for that specific organisation.

For this to truly happen, it must come from the top, so the initiative can feed down into every area of the organisation. Business leaders must understand the importance behind a company’s data and how they will protect it in the long term. After all, it is surely better to have a reputation for excellence than a company that has faced a data breach.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/