Companies Need to be Proactive About Corporate Security

Wednesday, March 16, 2011

Lindsay Walker

0c4ca84ec3f3f2d57194f8e0cbd5ba85

7 Million And Counting: Why Companies need to be Proactive about Corporate Security

A recent Bloomberg article reported that the average cost of security breaches has increased to $7.2 million - per incident. In a world where companies are scaling back on their costs and making wiser decisions about where their money goes, a security blunder is simply too expensive.

The costs of taking proactive steps to protect your company from security breaches are far less than those of having to react to one.

As security threats continue to increase, companies need to make sure they are covered from every angle. Cyber attacks aren't limited to a specific region or industry. Hackers and other cyber criminals are switching targets from individuals to corporations and their employees.

The Bloomberg article I mentioned above, "Security-Breach Costs Climb 7% to $7.2 Million per Incident," focuses on the findings from a recent report issued by information security research group Ponemon Institute LLC, and sponsored by Symantec. The article states:

"About 85 percent of all U.S. companies have experienced one or more data breaches, Ponemon said, and the figure may be larger because many don't have the ability to detect when information has been exposed."

Two major concerns for businesses are:

  • 1. Mobile device security
  • 2. Corporate security

Mobile Security

It's safe to assume that cybercriminals won't be backing down in 2011 - or anytime soon for that matter. I was recently reading the RSA 2011 Cybercrime Trends Report to find out what the RSA Anti-Fraud Command Centre reports will be major threats this year.

Not surprising, mobile security issues have made their way onto the list. This assumption makes a lot of sense, as more people are doing business on their phones, laptops and other mobile devices.

Think about the information you send over your phone via text or email - as well as the information you have saved on your phone. For example, our company builds case management software for investigations.

If people start sending information regarding investigations over email on their phone, they are going to want to ensure that there's sufficient security to block the wrong people from getting their hands on it.

Corporate Security

Another trend identified in the RSA report is the switch from attacks targeted at the financial industry and individuals to attacks on organizations:

"Malware is becoming an increasing problem for organizations and government agencies around the world. What has typically been deemed an issue exclusive to consumers and financial institutions has suddenly made a crossover into the enterprise.

This is being helped through a number of factors including employee mobility, the use of social networking sites, and user-driven IT. As a result, the corporate network is increasingly being exposed to malware, Trojans, advanced persistent threats (APT) and other attacks that have the potential to lead to a data breach and compromise sensitive data."

Organization-wide security threats come from both internal and external sources. As tools are built to increase information sharing and break down barriers within an organization, a world of security risk opens up.

Managing and monitoring corporate security requires a strong commitment from everyone in an organization. Systems need to be updated regularly, IT personnel need to stay up to date on new security threats and trends and employees require ongoing communication and training to ensure they are doing their part to help out.

Possibly Related Articles:
5844
Enterprise Security
RSA Enterprise Security malware Mobile Devices Advanced Persistent Threats Poneman
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.