Are we being overly paranoid when it comes to cybersecurity? If you pay any attention to the media, it seems like there is an increasing deluge of frightening stories about corporate data breaches with hackers accessing credit card numbers, private emails, Social Security numbers and a range of other sensitive information. It’s enough to make a company want to go back to life pre-Internet.

At the end of the day, just how scared should we really be? Are most companies really at risk of having their data stolen and PCs hijacked by malware? Or is it mostly hype?

Here’s the thing — paranoia refers to irrational fears, but the fear of a breach is very rational. According to a recent study by Bloomberg, since 2005 more than 75 major data breaches (in which 1,000,000 or more records were compromised) have been publicly disclosed. Additionally, the Ponemon Institute released a report last September with the staggering finding that 43 percent of companies had a data breach in the past year. These numbers don’t lie.

Whether you believe it or not, there are “bad guys” out there who will go to extreme measures to steal your company’s information and wreak havoc. Companies should be cautious and aware of the risks so they can make sure the right preventative measures are in place. CSO Online offers 10 great tips that can help information security leaders make sure they are ever-vigilant and have a proactive security posture.
- Believe in defense-in-depth and constantly be looking for areas in which to add new and effective layered controls that align with risk mitigation objectives or emerging threats
- Continually look to add additional instrumentation to widen scope and depth of coverage for existing controls
- Always monitor the sensor network with eyes on the system and review of controls
- Continually look for ways to better inspect and correlate data from multiple sensor streams
- Pay special and close attention to application security for critical business applications that have access to confidential and private data, since those applications reach through much of the layered security
- Constantly seek to understand the business better, so as to improve and refine the information security risk assessment
- Stay informed about vendor risk process and management to ensure that vendor access to confidential and private data is managed and controlled
- Always work with your business to better leverage relationships for pushing the security agenda and to create informal channels for security awareness
- Constantly stay informed about new disruptive technology and evaluate its potential security impact before the business use case shows up for security review
- Never lose sight of the fundamentals... like always patching... patching... patching
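Several of the tips above (widening instrumentation, keeping eyes on the sensor network, and correlating data from multiple sensor streams) come down to one practical habit: lines that look routine in a single log become meaningful when two independent sensors are read together. The following is an added example, not code from the original post or from CSO Online. The two log formats, the field names, the host and user names, the addresses and the detection thresholds are all constructed for illustration; a real deployment would read whatever formats its own gateway and host agents emit.

```python
"""Correlate two independent sensor streams to surface one suspicious session.

Added example with constructed data. Sensor A is an authentication gateway
that logs each login attempt with its source address and result. Sensor B
is a host agent that logs new outbound connections. On their own, a couple
of failed logins or a few file-share connections are everyday noise; the
combination (failures, then success from the same source, then a burst of
SMB connections from that host within minutes) is what an analyst wants
flagged for review.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines from sensor A (authentication gateway).
AUTH_LOG = """\
2024-05-01T08:02:11Z auth user=alice src=203.0.113.7 host=ws-101 result=success
2024-05-01T08:03:40Z auth user=bob src=198.51.100.22 host=ws-117 result=failure
2024-05-01T08:04:02Z auth user=bob src=198.51.100.22 host=ws-117 result=failure
2024-05-01T08:04:21Z auth user=bob src=198.51.100.22 host=ws-117 result=success
2024-05-01T09:30:00Z auth user=carol src=192.0.2.5 host=ws-120 result=success
"""

# Constructed sample lines from sensor B (host agent, outbound connections).
HOST_LOG = """\
2024-05-01T08:02:50Z conn host=ws-101 user=alice dst=10.0.0.8:443 proc=outlook.exe
2024-05-01T08:05:10Z conn host=ws-117 user=bob dst=10.0.5.9:445 proc=powershell.exe
2024-05-01T08:05:12Z conn host=ws-117 user=bob dst=10.0.5.10:445 proc=powershell.exe
2024-05-01T08:05:15Z conn host=ws-117 user=bob dst=10.0.5.11:445 proc=powershell.exe
2024-05-01T11:00:00Z conn host=ws-120 user=carol dst=10.0.0.8:443 proc=outlook.exe
"""


def parse(stream):
    """Parse 'timestamp kind key=value ...' lines (constructed format) into dicts."""
    events = []
    for line in stream.splitlines():
        if not line.strip():
            continue
        ts, kind, *fields = line.split()
        ev = {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "kind": kind}
        for field in fields:
            key, _, value = field.partition("=")
            ev[key] = value
        events.append(ev)
    return events


def correlate(auth_log, host_log, window=timedelta(minutes=5),
              min_failures=2, min_conns=3):
    """Return one alert per login that is preceded by repeated failures from the
    same source and followed by a burst of distinct SMB (port 445) destinations
    from the same host, all inside the given window. Thresholds are assumptions."""
    auth = [e for e in parse(auth_log) if e["kind"] == "auth"]
    conns_by_host = defaultdict(list)
    for e in parse(host_log):
        if e["kind"] == "conn":
            conns_by_host[e["host"]].append(e)

    # Index failed attempts by (user, source) so each success can look back cheaply.
    failures = defaultdict(list)
    for e in auth:
        if e["result"] == "failure":
            failures[(e["user"], e["src"])].append(e["ts"])

    alerts = []
    for e in auth:
        if e["result"] != "success":
            continue
        recent_failures = [t for t in failures[(e["user"], e["src"])]
                           if e["ts"] - window <= t < e["ts"]]
        if len(recent_failures) < min_failures:
            continue
        smb_targets = {c["dst"] for c in conns_by_host[e["host"]]
                       if e["ts"] <= c["ts"] <= e["ts"] + window
                       and c["dst"].endswith(":445")}
        if len(smb_targets) < min_conns:
            continue
        alerts.append({
            "ts": e["ts"].isoformat(),
            "user": e["user"],
            "host": e["host"],
            "src": e["src"],
            "failures": len(recent_failures),
            "smb_targets": sorted(smb_targets),
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(AUTH_LOG, HOST_LOG):
        print(alert)
```

Run as-is, the script flags only bob's session on ws-117: alice and carol each produce a single success with ordinary traffic behind it, and neither stream alone contains anything that would trip a threshold. The point of the design is that each sensor keeps its own simple, cheap parser, and the correlation rule is the only place where the streams meet, so adding a third sensor (or tightening the window) changes one function rather than every collector.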
Feel free to share your tips on what organizations can do to make sure they’re building resilient security measures and creating an environment of healthy caution.