
Move From A Reactive to A Proactive Security Strategy

By: Dawn-Marie Hutchinson, CISO-Security Practice Leader

In today’s business environment, no organization is safe from the threat of cyber crime. Advanced malware, stolen credentials, operating system vulnerabilities, third-party compromise and botched incident response have been the overlapping themes across 2014’s most notable breaches.

Since December of last year, every new headline brings news of a breach larger than the last. While a zero-day flaw in Windows ultimately allowed the foothold needed by the Home Depot attackers to complete their mission, the initial compromise was the result of stolen third-party vendor credentials. The issue of supply chain problems and third-party access once again comes to center stage, much like it did in the wake of the Target breach.

One of the challenges of information security is that organizations with immature programs are operational and reactive rather than strategic and preventative. A chain is only as strong as its weakest link, and the same is true in information security. As a security community, every time one of our peers is compromised it affects us all: cyber hygiene isn’t about protecting one organization, it’s about protecting everyone. The information security community is failing in its support of smaller, more susceptible organizations that lack adequate resources to architect an effective security strategy.

Organizations without information security leadership at the executive level are more likely to give insufficient priority to cybersecurity, and their security teams are likely to struggle with high levels of frustration, turnover and subsequent data disclosures. A knowledgeable, experienced security professional at the executive level must provide the appropriate guidance and education to lead an organization in protecting itself and its customers.

That isn’t to say that larger organizations are not making the same mistakes. We will use Target, 2014 Scapegoat of the Year, as the example. The story being told about Target is that not having a Chief Information Security Officer is “the root cause” of the breach that exposed over 40 million credit cards and 70 million personally identifiable records.

“Without a CISO, no one was able to articulate cyber risks to senior executives, said Karl Mattson, who worked at Target from 2008 until 2013, most recently as manager of cyber and global intelligence. “[Target] didn’t have an advocate at the C-level, as an executive, advocating for IT security investment,” said Mr. Mattson, now a senior vice president of technology risk management at PNC Financial Services Group Inc.” - Wall Street Journal, C. Boulton, 9/30/14

The Comm Solutions Information Security Practice complements existing security functions and provides expert guidance on the implementation and management of information security, risk management, compliance and data privacy programs. Organizations seeking to move away from reactive security activities to a proactive security strategy will benefit from independent and unbiased advice. Comm Solutions will be positioned to facilitate a comprehensive security program, architect a defense-in-depth strategy, improve controls and processes, and provide technology procurement recommendations.

To learn more about what Comm Solutions can do for your organization, Contact Us.

The post Move From A Reactive to A Proactive Security Strategy appeared first on Comm Solutions.

