High-profile Breaches Shed Further Light on Need for IT Risk Management
It was a breach of such magnitude that the media quickly coined one of the most massive leaks in modern history the “Panama Papers.” Never mind that it incriminated leaders from around the world, it also shed light on the urgency of companies, both large and small, to take a hard look at their procedures for keeping so-called confidential information confidential.
More than 11 million documents, referred to as the Panama Papers, date back over a period of several years — all linked to Mossack Fonseca, a law firm in Panama. The allegation is that Mossack Fonseca basically acted as a tax haven, giving its clients the ability to hide the source of significant sums of money.
Although it’s unlikely you’re engaged in questionable activity, you need to revisit your company’s risk management and how it’s functioning from an IT perspective. Without the proper measures and procedures in place, you could be putting your company at great risk for an embarrassing breach.
Here are some things to consider when developing an IT strategy that sheds light on your vulnerabilities and gives you the direction to establish a risk management strategy.
Breaches becoming all too common
According to senior security consultant Zak Maples of MWR InfoSecurity, data breaches are becoming commonplace, with many of them not gaining international headlines as the Panama Papers but causing significant damages nevertheless to companies of all size.
“Data breaches are often causing irreparable brand and reputational damage to the businesses involved,” he said in a ComputerWeekly article. “This proves that businesses need to take cyber security seriously as a business problem and not just an IT problem.”
According to Maples, companies can defend against breaches by making sure they have an active cyber security program that puts them on the offensive — predicting, preventing, detecting and responding to attacks.
“All too often, organizations fall into the trap of putting too many resources into trying to prevent an attack from happening in the first place, rather than understanding where security spending offers the most return on investment,” he said.
For example, he said, companies can adopt controls that detect large spikes of data being transferred out of the organization. Also, “other data loss prevention (DLP) controls could have helped to prevent the data being exfiltrated or being widely disseminated,” Maples said.
The research firm Gartner listed IT security and risk management among the Top 10 IT Trends last year. Here’s what it had to say about moving these areas to the top of your priorities: “Organizations will increasingly recognize that it is not possible to provide a 100 percent secured environment," Gartner said in its report. “Once organizations acknowledge that, they can begin to apply more-sophisticated risk assessment and mitigation tools. On the technical side, recognition that perimeter defense is inadequate and applications need to take a more active role in security gives rise to a new multifaceted approach.”
The company said that it is crucial to address a number of areas, including security-aware application design and dynamic and static application security testing. It also predicted new approaches would be developed to ensure that security is built directly into applications. “Perimeters and firewalls are no longer enough; every app needs to be self-aware and self-protecting,” Gartner said.
Contact Lifeline Data Centers for colocation services that are among the best in the Midwest. Ask us about our uptime ratings and certifications in compliance for various industries. Contact us about your specific needs. We’re looking to hearing from you.