It should be common knowledge that the security of your company data is one of the most critical functions of an Information Technology program. It’s also one of the most budget- and resource-intensive functions. With all of the directions you can get pulled in every day, having to deal with the headache of your security posture shouldn’t be at the top of your list. That’s where outsourcing your information security comes in. Data security outsourcing, specifically security monitoring, can be a viable and intelligent option when it comes to keeping the data in your organization secure, and it allows you to keep security levels high without having to allocate precious resources to those functions.
Before going back to home security analogies I think I may stick with airports because of another story in the news recently that has some parallels with the next security control I was going to discuss - SANS Critical Security Control #2 - inventory of software (and detection when unapproved software is used).
When I started formulating this series of blog entries in my head, I was going to build some analogies between home security fundamentals and a high-impact information security control, but a recent headline in the news fit pretty closely with the first control I wanted to discuss in the series - SANS Critical Security Control Area #1 - maintaining an inventory of what is on your network (and, more importantly, receiving timely notification when something appears on the network that is not in the inventory), so I figured I'd veer a little off track for this chapter.
Since the 2014 Verizon Data Breach Investigations Report was released last week, you’ve likely been flooded with stats and findings from the report. The report does contain a vast array of fascinating data for even the most casual in the cyber security field – from pondering the renaissance of RAM scraping during the ‘year of the retailer breach’ to debating the ebb and flow of trends in criminal motivation such as financial gain and ideology. However, the most significant development I observed in this year’s report was a change in the report itself.
The massive number of data breaches at major retailers is enough to send the consumer elsewhere, according to a new study that examined the potential loss of business caused by data breaches, specifically those occurring in the retail, healthcare and financial sectors.
As a practitioner of information security, I found it pretty amazing that, in a recent information security survey conducted by EiQ, more than 50% of the respondents said they were not confident that their existing security measures would detect a breach. It is becoming painfully apparent, because of all the companies that are being breached, that it is time for all companies that have sensitive electronic records to get more serious about information security. The next question is - where to start?
When news hit about the security breaches that affected Target, we here at EiQ Networks knew all too well how it would affect those companies and the backlash they would receive due to the thousands upon thousands of consumers that have had their financial cards compromised.
Managed IT services that focus on security have become an invaluable asset to growing and well-established firms alike. Cyber crime and hacker threats are more prominent than ever before. In most cases, small to mid-sized businesses are the most likely targets of cyber crime. Because of their size, these businesses are seen by hackers and other types of security threats as “stepping stones” or easy targets. If your company is in the “small to mid-sized” category, the best thing you can do for your growing enterprise is outsource your IT security services. Constant monitoring is needed in order to make sure your sensitive business information and operating systems are secure. And while you may not have the funds to employ full-time employees to monitor and maintain these functions, it is incredibly prudent to invest part of your IT budget in employing a firm that specializes in data breach and system protection.
In a recent blog post here, we discussed how a SANS survey shed light on how important the SANS controls were, as over 73 percent of the respondents said they have adopted, or have plans to adopt, the security recommendations outlined by the SANS 2013 Critical Security Controls.
Another example of privileged access being abused recently made headlines – this time with the FBI’s National Crime Information Center (NCIC) database. According to the story, a New York Police Detective logged onto the NCIC database and looked up personal information on fellow colleagues that had nothing to do with his duties as a law enforcement officer.