BreachExchange mailing list archives

The Next Cyberattack Is Coming: Is Your Company Ready?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 21 Jul 2015 19:17:10 -0600

http://www.forbes.com/sites/centurylink/2015/06/08/security-countdown-3-steps-to-stronger-cyber-defense/

It’s estimated the average cost of a data breach is $12.9 million. That’s
significant considering there were nearly 800 major data breaches reported
in the US alone last year, with 81 million private records exposed. Yet
many are still ill-prepared for the new age of cybercrime. Recently, PwC
indicated less than half of companies surveyed are taking necessary steps
to protect their business. This lack of action is not only leading to
significant costs, but can result in immeasurable damage to corporate
reputation. And the threat isn’t only coming from the outside.

More than disgruntled employee sabotage, many internal threats stem from
lack of corporate oversight – as employees are free to download rogue
software, access corporate data on personal devices, and conduct business
using smart phones. The surge of “Shadow IT” – leveraging various
software-as-a-service platforms or cloud storage offerings like Dropbox in
the corporate setting – is pushing the threat even further. Partners must
also be included in any security equation as an extension of the business.
The practice of openly sharing assets and logins can create dangerous holes
in security of data. Add into the mix new regulations like HIPAA – and
that nearly 60 percent of IT and business decision makers in the US are
only moderately confident of their own compliance – it’s no wonder
companies need to worry about multiple points of weakness across the IT
infrastructure.

To build a more secure environment, IT is advised to begin with an “asset
segmentation” exercise to evaluate what’s out there – and then prioritize,
segment and lock down each group by level of criticality. This aligns most
important assets with appropriate identity and access controls, as well as
multi-layered security. Teams can then balance performance and cost to
additionally secure assets less critical in nature. While basics such as
firewalls and perimeter protection are absolutely necessary, effective
security requires a comprehensive approach including monitoring, ongoing
analysis and incident response management.

If all of this sounds complicated – it is. Quite often, finding the
in-house skills to properly implement required security measures is simply
not an option. That’s why outsourcing has become such a popular approach.
These third parties can help you assess your risk across the board and
segment your assets effectively – adding access management controls as
well as sophisticated firewalls, threat intelligence and IPS technologies
where needed. The end result is that your key assets get the extra
attention and protection against threats that could harm your business.

You can learn more about the challenges and opportunities companies face in
the new age of IT security at the IDG and CenturyLink live meet-up — “The
Weakest Link” series – on August 26th in Washington D.C. The event will
include presentations by IDC and CenturyLink executives on “Preparing in
the Hostile IT World” and “Best Practices in Security that can Save Your
Business” – and help attendees build strategies suited for their own
businesses. You can also see where else we’ll be this summer.

The risk of cyberattack and internal breaches is becoming too great to
ignore. Companies must prepare now to avoid becoming another victim of IT
attacks. The next generation of cyberattacks is here. Are you ready?
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
