Friday, June 24, 2011

What Do IMF, Citigroup, And Sony Hacks Share?

Information Week recently posted an article on security breaches (click link above).  They highlight some of the more recent breaches and then note that the number of hacking attacks is rising.  The good news is that organizations are confirming the breaches, a sign that they have a working Written Information Security Plan (WISP).  The bad news is that the number of attacks is already high; we are just becoming more aware of the facts.  Even worse, how many companies have been or will be violated and not know it?  There can be a long delay between when a breach occurs and when that fact is realized.

Nothing is safe.  You cannot build the perfect mouse trap.  A WISP is a must.  It enables a company to be proactive and have a practiced plan to implement when the worst happens, just like fire drills in school.  Practice, practice, practice to build confidence, so that when that event happens you are rehearsed and ready to resolve the issue, not just react to it.  The public eye will be watching you.

The biggest asset at risk is the company’s reputation.  It can take years to win back the confidence lost in a moment.

The article makes a good point that companies have been busy addressing the regulatory issues and compliance related to those regulations, too busy to focus on a multi-tier solution in which all data is encrypted, all processes are reviewed and, most important of all, the employee, or should I say the human element, is addressed.

Andrew Baker from Focus makes good points about this article as well in his blog post “Security short-sightedness is catching up to many organizations.”  Andrew states: “Years of short-sightedness has led many organizations to this place.”  His comments are worth the read: bare minimum compliance, security departments seen as a burden rather than an asset, and the all-important public relations fallout from a breach.

The only real cure is to remove the value of having the information.  Attach no value to having it and you reduce the attractiveness of stealing it.  In the meantime, a working WISP is the best route to take.  An ounce of prevention is definitely worth the pound of cure.

Dolvin Consulting has teamed up with Cyber Security Auditors and Administrators (CSA2) to provide a comprehensive and complete solution to these threats.  Cyber, Information Technology, Legal, Insurance, Forensic and Human Resource expertise is packaged as your solution or to assist your staff.

Click here for Dolvin's contact information.

