In the digital world we live in, every business is a target. Those who assume they will not be a target because their place of work is too small, or because they aren’t a large financial institution or a retailer, could be in for a rude awakening. Many organizations are missing the mark by having a false sense of security. Attacks can happen on Main Street as easily as they can on Wall Street.
To mitigate the risk of devastating reputational damage from a breach and of losing the trust of customers, organizations should no longer look at security as an IT expense, but rather as a corporate investment in the future of the organization and brand.
There are two key causes of an information security breach. One is the lack of proper communication and the ‘it can’t happen to me’ mentality. As we have already seen in two recent major breaches, such as Target and Sony, management had been alerted to weaknesses in the information security posture of the company by the information security practitioners, some of them senior themselves, only to turn them away and tell them that it wasn’t important or that the threat wasn’t real.
Security is a cost of doing business
Security and the need for it have evolved, and security has never been more important than it is today. We encourage executive leadership teams to think of security as a cost of doing business in all areas of the organization. One area to look at first is the organization’s website or online commerce shop. This will come under attack. Perhaps not to the level of the breaches making headlines in the news, but no matter the size of the business, the attacks will come. It’s not a matter of if, it’s a matter of when. Sites will be probed for weak or default passwords, SQLi, buffer overflows and DoS conditions, many times without you even knowing it.
We encourage leadership teams to stop and listen to the security practitioners who should have, or may already have, warned them about putting up a website without a Web Application Firewall, or about allowing a vendor unfettered access into a critical portion of the network. Do not let the cautions go unheeded.
There is more than one boogeyman
Many companies will invest large sums of money to acquire alarm and camera systems, guards, and magnetic door locks to keep the bad guys out.
However, when it comes to the IT boogeyman, companies are hesitant to invest in the proper tools needed to protect sensitive data. The IT boogeyman should be feared. He is real and he is a threat.
While IT and security can often be a technical topic and intangible in scope, the numbers don’t lie. He is out there and he’s looking for an entry point. While he may not be the scary monster lurking under a bed or outside your door, he’s quietly and stealthily lurking in your networks and systems.
Now is the time to take action
There is hope. There is an opportunity to protect and defend against a breach. Now is the time to take action and invest in a security strategy. Through ongoing vulnerability scanning and penetration testing, social engineering engagements, employee security awareness and more, organizations can have a better understanding of their security posture and proactively defend against security breaches.