BreachExchange mailing list archives

Technology Five Truths About Cyber Security


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 23 Sep 2014 18:31:58 -0600

http://ww2.cfo.com/technology/2014/09/five-truths-cyber-security/

The average total cost of a data breach is now $3.5 million globally, a 15%
rise from last year, according to a 2014 study by the Ponemon Institute.
The likelihood of a company having a data breach “involving 10,000 records
or more stands at 22%,” finds the same study.

Consequently, CFOs have become increasingly fixated on “identifying
potential cyber risks and planning their corporate responses,” writes
ITWeb. With many CFOs also in charge of overseeing information technology,
“they are equally committed to determining how and where to invest company
resources on prevention.”

However, for CFOs to win the battle against cyber-criminals, they will need
to understand several truths, according to accounting firm Deloitte.

1. Your information network will be compromised. In today’s increasingly
sophisticated 24/7 tech world, this is a certainty on par with death and
taxes. The sooner CFOs accept this reality, the more they’ll be able to
minimize data breaches at their company.

2. Physical security and cyber security are increasingly linked. Although
these two turfs tend to be viewed individually, threats like espionage,
intellectual property theft, fraud, counterfeiting and terrorism can begin
with physical access.

“In a common example, certain administrators may have full control over a
system such as payroll, customer data or billing,” writes ITWeb. “Armed
with that access, those employees or contractors might pay themselves with
false invoices, approve loans with special rates, or copy customer
credit-card data and employee files that contain sensitive information such
as social security numbers, with the purpose of selling the data, creating
identity theft, embezzlement or other fraud.”

3. Cyber damages go beyond dollars. Data breaches can damage a company’s
brand equity and drastically reduce customer confidence. Because of this,
some firms are contemplating taking out cyber insurance to “limit excessive
damages,” says ITWeb.

4. Everything can’t be protected equally. This relates back to the first
point. What are the most important data at your company that need
protecting? By establishing a hierarchy, a company can prioritize its
security spending.

5. Your walls are probably high enough. Most likely, a company’s firewalls
are “about as high as [they need] to be.” With that in mind, Deloitte
suggests that CFOs “should focus more on the detection side to increase
their vigilance against attacks and on recovery after the fact.”

Although the formula is different for each company, the accounting firm
advises “of the typical IT cyber-risk spend, 30% might be allocated to
wall-building, 50% to detection and another 20% to resilience preparation.”
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 