Data breaches are inevitable, but with the right information security strategy, security framework and security planning – organizations are empowered to make data breaches less impactful, by more quickly detecting, responding and recovering from them. Learn more about how integrated information security helps to safeguard businesses.
It seems like a month doesn’t go by without a major data breach making headlines.
Large corporate entities like Target, Home Depot and Sony Pictures have all fallen victim to data
While data breaches are inevitable, with the right plans — including an integrated information security strategy — you’re empowered to make them less impactful, more contained and easier to recover from.
Consider that in 2015 major data breaches (in excess of 1 million exposed records) have hit healthcare providers Anthem, CareFirst BlueCross BlueShield, Premera Blue Cross, UCLA Health System and the U.S. government’s Office of Personnel Management.
The Identity Theft Resource Center reports that 380 data breaches (as of June 23, 2015) have exposed 117,381,357 data records this year.
If the above organizations had an integrated information security strategy, the extent of the damage and impact would have most likely been far less.
I'm sure that you are tired of hearing consultants and security vendors talking about the Target data breach in 2013. I know that I am! It's unfortunate that this company has become the poster child for every vendor and consultant to espouse what are usually uninformed and incomplete theories on why the company was breached. The only thing that I am relatively certain of, is that the company lacked an effective integrated information security strategy and paid dearly for that mistake. Additionally, it has been reported by the New York Times that the data breach has already cost Target $252 million in related expenses.
Whenever we see these kinds of data breaches, we always need to ask the question, what went wrong and get to the root cause and the risk elements that were still gaps.
Although most organizations don’t have enough security controls and/or resources in place, many simply have too many different tools and consoles in place. In either case, each of their disparate systems can sound an alarm, but the noise can end up being so great and correlation/investigation so time consuming that no one knows what to react to first or they become numb and unresponsive. This is a doomsday scenario for any IT department facing a cyber attack.
An integrated information security framework is critical for mitigating losses, if not preventing your next breach altogether. Such a framework reduces the noise while providing actionable intelligence and centralized reporting. A centralized, cohesive system helps to keep information secure and minimize losses.
With an integrated approach for their information security strategy and framework, organizations have “fewer panes of glass” to manage, configure, review and analyze, and security systems that work together to be much better at preventing & detecting threats. And organizations are enabled to more quickly and effectively respond to security incidents to limit and minimize the damage. This broad, holistic approach to security moves away from best of best-of-breed prevention tools when integrated solutions that will do the job better are available.
Breach prevention tools are good, but they’re never good enough. A Ponemon Institute poll surveyed 735 IT security professionals about data breaches. According to the results, 65 percent say their organization has suffered a cyber attack because existing preventive security controls were evaded.
Organizations must start thinking more strategically about information security and avoid focusing entirely on prevention. Prevention is important, but it should only be one piece of your information security strategy. Invest the greater part of your effort in detection, response and prediction tools to round out your integrated information security posture.
With a centralized, integrated information security framework, your organization is better equipped to prevent cyber threats. More importantly, you’ll have the tools necessary to detect and respond quickly and effectively to information security threats when they do arise.
Want more information on an integrated approach to information security? Check out DynTek’s integrated information security infographic here!