BreachExchange mailing list archives

Incorporating Cyber Security into Business


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 12 May 2014 19:16:37 -0600

http://www.bobsguide.com/guide/news/2014/May/12/incorporating-cyber-security-into-business.html

The cost of cyber security breaches for British businesses totals billions
of pounds.  This cost has tripled over the past year, as attacks on
customer data and, increasingly, intellectual property, appear unstoppable.
According to a recent report by the Department for Business, Innovation
and Skills, eighty-seven per cent of small businesses and ninety-three per
cent of large organisations experienced at least one security breach in the
past year.

Balancing security priorities, with business flexibility and agility, is a
tough challenge. But it’s a challenge every executive management team faces
as it strives to drive business growth, achieve competitive advantage and
maximise operational efficiency.

Security breaches mean lost IP, compromised customer information and
confidence, and valuation impact. Among those responsible for setting
security strategy and operating policies, the temptation is strong to do
whatever it takes to reduce risk. But if you simply restrict the business,
you hamper innovation and productivity.

As business environments change, security infrastructure must change to be
an enabler for business success. Whether you’re operating under increased
risk from advanced targeted attacks, or transitioning to the cloud or
mobile devices for the productivity, agility and efficiency these
technologies provide, the end result is the same: You need to adapt your
security infrastructure in lock-step. You can’t afford to leave gaps in
protection that today’s sophisticated attackers exploit. At the same time,
you can’t keep adding complexity with disparate security solutions that
don’t work together.

Adapting to changing business conditions

So what can you do as a cyber security professional, to enable the
enterprise with the flexibility and protection it needs to move forward
with minimal risk? You need a security approach that fits and adapts to
your changing business environment. Here are a few questions to ask vendors
when determining if a solution will offer you choice, flexibility and
effective protection for the future:

1. Can I access security solutions in a way that meets my business
objectives?

Even if you don’t need all the options beginning day one, the solutions
should be based on a platform that supports physical, virtual, cloud and
managed services offerings. Hardware, software and services form-factors
should work together seamlessly and be transparent to the user.

2. How do you support integration with other, complementary, solutions and
to what extent?

Most approaches to integration let you gather data from various sources at
a point in time, and analyse it, but typically can’t correlate and
translate that data into actionable intelligence. A tightly integrated
enterprise security architecture lets you enforce policies across multiple,
diverse, control points, without manual intervention, so that you can
contain and stop damage and prevent future attacks.

3. What flexibility do you offer to address new attack vectors and threats
as they emerge?

Being able to deploy additional security capabilities as needed (for
example, next-generation intrusion prevention, application control,
next-generation firewall, dynamic file analysis and advanced malware
protection), as part of an end-to-end security architecture, delivers the
flexibility needed to meet security needs today and into the future. If
this functionality is enabled via software upgrades and licensing, versus
buying another appliance, then provisioning and management is more
efficient and requires fewer resources on your part.

Attracting and retaining top talent

There’s collateral benefit to ensuring your organisation is protected as it
evolves: attracting and retaining cyber security professionals. A lot has
been written lately about the cyber security workforce crisis. It is widely
estimated that in the near future job openings for skilled cyber security
workers will top fifty thousand, between the public and private sector. And
according to a recent survey by cyber security initiative, SemperSecure,
more than half of today’s cyber security professionals put a premium on
interesting and challenging work, over salary and benefits.

Being part of a security team that is focused on protecting the latest
business models, with technologies that address new attack vectors and
sophisticated threats, is attractive to join and hard to leave.
Supplementing these technologies with regular training and certifications
is a must - on-going professional development not only gives security staff
the opportunity to keep their credentials up to date, but also ensures that
you are getting the most value from your security investments with a team
that knows how to optimise these technologies for maximum security
effectiveness.

Selecting an approach to security that offers the flexibility to adapt to
your changing business environment, lets you better protect the business
while enabling innovation and change. Those technologies can also become an
important advantage in recruiting and keeping talent. With the right
approach in place, you can foster a security environment that satisfies
everyone – from the boardroom to the break room.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/