Responding to a cyber-attack is grounded in people and processes

This is a contributed piece by Jan Valcke, President and COO at VASCO

 

The high-profile and steadily expanding list of corporate cyber victims serves as a reminder that an attack can catch anyone out, however large, established, or ostensibly prepared an organisation may be. Sony is an oft-cited example, while the breach inflicted in October 2015 on TalkTalk, a UK provider of telephone and broadband services, also remains firmly embedded within cyber breach folklore.

Indeed, some of the lessons learnt from these incidents continue to inform the evolving security culture. An example is the growing ubiquity of Chief Information Security Officers (CISO), whose emergence as business leaders, driving strategy alongside technology, has put this talent at the heart of the battle against increasingly sophisticated and diverse threats.

A focus on people is a logical progression; behind most security breaches lies human error, and in remedying or driving greater prevention, the individual is just as relevant and impactful as the most advanced technology. As such, in many companies the CISO is now a full-time role leading a team that ensures the business is best prepared in the event of an attack, supported by a second group which is assembled to best respond when one actually happens. Here, the convergence of IT security, senior management, PR, legal and operations to minimise the fall-out reflects the far-reaching implications of a security breach for an organisation. That complexity is further fuelled if insider involvement is discovered, which, given the subsequent implications for employee morale, demands extremely sensitive handling.

Communication is critical in the aftermath of a serious breach. Aside from the financial costs of a security breach, a delayed and ineffective response from the company targeted can see a serious threat rapidly morph into a full-blown disaster.

The TalkTalk example is a case in point. Here, the company remained tight-lipped over the exact nature of the attack, which only fuelled more speculation and uncertainty, with the organisation’s credibility taking a significant knock as a result. Transparency, detail and speed are essential, because if a company waits too long to notify those impacted by the breach, this can lead to additional losses.

It’s why an efficient information flow through a central management point is a critical yet frequently overlooked element, as is the quality of the intelligence itself. Tapping into the scope and resources of the Certified Information Systems Security Professional (CISSP) - a vendor-neutral certification - is the kind of safety net embraced by savvy operators to keep informed on all the latest developments. Aimed at those with a proven deep technical knowledge and managerial competence, this globally recognised accreditation draws on the most up-to-date information to deepen the understanding of new threats, technologies, regulations, standards and practices.

Of course, even the most stellar knowledge in the hands of the right people still requires security solutions to work their magic. A breach-heavy landscape has seen a hike in demand for hardware and software security systems, and for user authentication products that serve employee, consumer and e-commerce needs, to secure existing networks and software. This traction will only grow as security fears rise, but even the most innovative solutions will not deliver in isolation. Watertight resistance involves a team effort - people, process and product - to deliver the holy trinity of resistance in a volatile and challenging security landscape.

 
