Dubbed ‘the year of the breach’, 2014 saw information security breaches increase among small and large businesses at an exponential rate.
According to figures published by PwC in its Information Security Breaches Survey 2015, 90% of large organisations and 74% of small businesses suffered a security breach last year. Ranging from malicious email attacks designed to infect and disable a network to data theft, the methods of infiltration are growing more sophisticated and, with the financial impact to recover from such attacks continuing to rise, the cyber security sector needs to respond.
So what are the lessons to be learned from 2014?
Poor resourcing
With a growing divide between the number of suitable candidates for an ever-increasing supply of cyber security jobs, the issue of a skilled manpower deficit is an obvious weakness that needs addressing.
Far too often, IT departments lack the necessary time and skill to provide effective real-time security monitoring and, whilst breaches are considered an inevitability, they likewise lack a proactive approach to the threat of cyber attacks. More time and money is needed to invest in training, educating and recruiting suitable candidates into the industry.
Offering apprenticeships, and providing existing employees with access to acquiring further qualifications, can help tackle this skills gap in the long run.
Back to basics
Surprisingly, password control in many organisations is one of the weakest areas for breaches, with most end users and IT departments believing them to be robust.
The basic principles for password management should be applied, including the use of stronger passwords, not using the same access keys for multiple platforms, and changing these regularly.
Other easy fixes that should be a matter of basic security management are restricting user access to essential systems, configuring firewalls properly and keeping anti-virus software up to date. This should apply to in-house practices, but needs to be applied and monitored across any third-party providers and across all applications.
Be prepared
Unfortunately, security breaches are no longer a matter of ‘if’ but ‘when’, and organisations need to acknowledge that no defences are impenetrable.
Having a robust and well-tested disaster recovery plan in place can make a huge difference in both the cost and time involved in recovering from a breach, and it can also minimise the impact on losses.
A good incident response plan should prioritise the critical areas of the business, identify the roles of in-house and third-party organisations, and ensure they have the manpower and skills to respond.
Get proactive
With the threat of cyber attacks ever likely, it is an essential part of risk management to not only be prepared, but to actively seek out danger. From a study conducted by Trustwave in 2014, it was identified that the containment of a breach could take as much as two weeks when detected by a third party, compared with just one day if it was discovered in house.
Keeping things apart
Integrating networks and services can improve productivity and is considered an essential part of the way businesses operate more effectively, but doing so can make a breach more difficult to contain.
By segmenting sensitive data from non-critical information and prioritising defences, a breach in one area is unlikely to cripple the entire network.
[su_box title=”About Ryan Farmer” style=”noise” box_color=”#336588″]
Ryan Farmer has worked at Acumin for the past five and a half years as a Senior Consultant and now a Senior Resourcer. With a strong understanding of the InfoSecurity industry and the latest market developments, Ryan sources leading information security candidates for some of the world’s largest End User security teams, start up security vendors and global consultancies.Ryan is heavily involved in the Risk and Network Threat forum, has a keen interest in Mobile Security and is an active blogger and InfoSec writer.[/su_box]
Information security, data protection, and compliance professional.
Blogger, writer, speaker.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.