BreachExchange mailing list archives

Is your enterprise breach-proof?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 27 Apr 2015 18:29:39 -0600

http://www.financialexpress.com/article/tech/is-your-enterprise-breach-proof/67081/

Do you think your work related data is safe and beyond the reach of
hackers? Do the news headlines on frequent breaches, hacks and heists worry
you?

It would be surprising if your answers to the above questions were not in
the negative. The reality is that breaches are happening all around us. In this
scenario, the question we need to ask is not whether your company’s digital
assets will be attacked, but how ready you are to face the
consequences as and when it happens.

The situation is alarming and the threat seems believable when we put
some statistics into perspective. As per a recent survey conducted by PwC,
in 2014 the total number of cyber security incidents detected grew by 48% as
compared to last year and most of these data breaches happened from within
the organisation. Globally, the annual estimated reported average financial
loss attributed to cybersecurity incidents was $2.7 million, a jump of 34%
over 2013 as per the PwC report. These numbers may not tell the full story as
many organisations are unaware of attacks, while others do not report
detected incidents for strategic reasons. However, the fact of the matter
is that breaches are becoming extremely common in today’s connected world
and organisations need to prepare urgently to deal with such situations.

Simple incidents such as the theft of an employee’s mobile phone or a
misplaced office laptop have the potential to spur a series of complex
cyber-attacks. As more and more devices make their way into our workplaces
and assets move to digital
platforms, data breaches need to be assessed not as a threat but as a
reality of our times. Today, an attacker does not necessarily need to break
into a physical bank vault to rob it, he/she just needs to find a
vulnerability in the bank’s digital armour.

Data is the most valuable asset for any organisation and a loss can cause
irreparable damage to brand reputation, trust and wealth. From an
enterprise perspective, one needs to understand that data is at risk as
much from within the organisation as from external sources. It is also important
to remember that third parties are often a source of security risks.

As the saying goes ‘prevention is better than cure’, enterprises need to
focus on a prevention strategy against data breaches. The following factors
are critical to assess how well-prepared an organisation is:
* Speed of identifying that your organisation has been breached
* Extent of data loss and assessment of the resulting damage
* Time to recover and get back to business

Security must be built in at every layer of the organisation—hardware,
software, and network infrastructure—to ensure end-to-end protection. It is
imperative for enterprises and consumers to adopt a streamlined,
collaborative and end-to-end approach to data security. In order to
mitigate the risks involved with data breaches, enterprises must adopt the
following steps:

Data audit: Just as a financial audit of bank accounts, assets and
investments is critical to determining an organisation’s well-being, it is
equally important to assess and review the most important asset of an
organisation—data. But most businesses ignore this key component. The
starting point in the data audit process could be analysing data storage
points and modes of accessing the same. It is equally important to
understand access controls, encryption and other defences. The next step is
to make a list of current defences, costs, vendors and technologies deployed.

Vulnerability assessment: Organisations must perform security and
vulnerability assessments on a regular basis against the entire digital
architecture of an organisation. While assessments can be performed
internally on an on-going basis, it is also recommended that third parties
should be retained periodically to ensure the highest standards of coverage.

Diversify assets: Diversification helps to mitigate the impact of attacks
and breaches. Just like a sound financial strategy, it is important to
diversify an organisation’s digital assets. With due diligence and a robust
diversification plan, one can prevent attackers from causing collateral
damage.

Breach-up sessions: Just like preparing for the big pitch or a business
proposal, a breach is like a high-pressure test and an organisation needs
to be prepared adequately to handle the situation. Regular mock breach
sessions will help develop a ready response to different breach situations.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/