I’ve spent the past few years calling into CIOs, IT Managers, or Security Engineers discussing where their security program is today and what they would like it transformed to. Even though you probably dread the sight of an unknown number, my favorite part of my position is being a facilitator of conversation as well as understanding the focus of all parties involved. What I’ve come to realize is the disconnect that often exists within the security team, and that individual goals differ from position to position.
You don’t have to be a cyber security expert to realize that the digital world is under immense pressure to defend against sophisticated cyber attacks. The significant data breaches in 2015 alone -- to organizations such as Ashley Madison, Premera, Anthem, Office of Personnel Management, and the IRS -- are a scary reminder that no one is safe and that everyone needs to improve their cyber security posture. There's no better time than now to start shifting the balance of cyber security intelligence back into the hands of the “good guys.”
A study by Experian Data Breach Resolution and the Ponemon Institute found that data breaches are increasing in frequency, but “current data breach preparedness programs often fail to deal with all consequences of an incident.” The report also said that 72% of organizations have a data breach response team, but only 30% of respondents believed that their organizations were effective in developing and executing a data breach plan. The plans aren’t effective because they’re not reviewed and updated in an adequate and relevant timeframe. Companies understand the importance of having a data breach response plan and team in place, but they still need to work on getting executives involved. Executives can serve as people who centralize control over a data breach response team.