BreachExchange mailing list archives

Make Security Evaluation a New Year’s Routine


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 6 Jan 2015 19:24:05 -0700

http://www.itbusinessedge.com/blogs/data-security/make-security-evaluation-a-new-years-routine.html

I’m back at my desk after a relaxing holiday vacation. It was a pretty
quiet time for cybersecurity, too. The only really disturbing news I saw
during my holiday involved a data breach at Chick-fil-A and the new theory
that the Sony breach likely wasn’t done by North Korea but by an insider
(but then again, some of us were questioning insider involvement from the
beginning).

You and I know too well that this little lull in cybersecurity news won’t
last very long, but I do think that this is a good time for companies to
review their cybersecurity procedures and policies. We saw the damage from
the fallout after the Sony incident and I think Target is still picking up
the pieces from its breach a year ago.

Near the end of 2014, Ponemon released a study, “2014 Cost of Cyber Crime
Study: United States,” that shows just how expensive and damaging a breach
can be: It revealed that it can cost upwards of $20,000 a day for incidents
that may take, on average, a month to fix. Jon Oberheide of Duo Security
pointed out that SMBs need to be especially concerned about these breach
costs, telling me in an email:

"While the mega-breach-du-jour gets the most media attention, Ponemon's
study calls out an important distinction: The impact of breaches is much
greater on small and medium businesses than the large enterprises. The real
challenge in cybersecurity is how to protect the millions of businesses who
don't have an enormous security budget or a large roster of top security
talent to defend their organization. And yet, they face the same attacks
and adversaries as the big guys. So while companies like Sony face dramatic
consequences in the short-term, they will rebuild, recover, and revisit
their security strategy to continue their operations in the long-term. But
if you're not a Sony-scale company ... you may just have your business
effectively wiped out."


So what steps can you take now to better protect your business from a
damaging attack in 2015? First, as Mark Samuels stated in a ZDNet article,
it is important to have a clear-cut cybersecurity leader in your company,
but also, every single employee needs to be on board with the security
policies and must do whatever they can to engage in better security
practices.

Second, IT should consider its security budget and what it is focused on.
In an eSecurity Planet article, Ann All wrote that smart spending involves
assessing the current network and security environment, taking note of what
the company is doing now and discovering where the weak spots are. Rather
than just throwing money at security concerns and hoping that will fix
everything, it is better to truly understand what the risks are and how to
most efficiently consolidate spending efforts.

Finally, make sure you know what you are working with. IT departments need
to know what devices are accessing the network and also whether or not the
device owners are following security protocols. After gift-giving season,
there will be a lot of new devices accessing the network, so now is the
time to assess the network and talk to your users about security policies.

Evaluating security is something that has to be ongoing, of course, but
what better time of year to take a closer look at the cybersecurity
situation than at the beginning of the New Year, when everyone is looking
for a fresh start?
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
