
Guess how many times a week your company is hacked?

Most organizations are actually pretty easy targets for attackers. I’ve always wondered, though, about the particular companies that have massive invasions: what is the reason the hackers targeted them? Supposedly a credit card number can get you $1.00 on the black market. I assume if you have stolen, say, 2 million, that’s quite a chunk of change. The more personal information you can steal, the higher the price.

In every survey, what are organizations concerned about? Security. How many are proactively doing anything about it, or have they evaluated the risk and found it to be of low value? The recent IBM/Ponemon survey, ‘IBM 2015 Cost of Data Breach Study’, indicates attacks are going up alarmingly and so is the price tag.

In another recent article, ‘Coviello tackles cloud privacy, government’s key escrow plan’, I found one particular series of statistics very interesting and sobering. Acuity Solutions President Kris Lovejoy painted a gloomy picture of cloud data privacy. This is, by the way, an excellent article.

According to Ms. Lovejoy, “An average organization of 15,000 would look at approximately 1.7 million security events per week. Of those 1.7 million security events, 324 of those events were security attacks. Those security attacks were deliberate attacks carried out by motivated attackers,” she said. “For those attacks, 2.1 of those 324 attacks would result in a compromise. So 2.1 times a week a bad guy was getting into the organization.”

Kind of frightening, isn’t it?

Time to Tighten Your Belts – Would you rather be safe or sorry?

According to Osterman Research, 95% of business users primarily communicate via email. Of emails sent, 98% were sent with attachments. Secure? Highly doubtful. Mobile devices and BYOD have unlocked a hornet’s nest and put the security of confidential information at risk. In the BYOD world, who owns the content, the owner of the device or the organization? Does the organization have the right to access the device to identify confidential information? Current court cases will decide the outcome.

Complicating security issues, social media has entered the business world. Accepted in a court of law, the organization is responsible for tweets, social postings, Facebook, and instant messaging, even if it is an end user’s personal account. Security breaches should be an organizational priority. Did you know that most breaches are caused internally, either through negligence or deliberately? And the security holes only grow deeper into sinkholes with no escape.

Oddly enough, C-level folks state unequivocally that they are concerned with cloud security. Rightly so. On the other side of the coin, they tend not to do a lot about it. Some have the attitude that a couple of million dollars to remedy the situation is pocket change as opposed to being prepared for the worst. It isn’t only the money; for better or for worse, the impact on the brand and the attitude of customers can be worth much more than remediation. It takes years to build a brand, and depending on the data exposure, it can be destroyed.

They have made their perimeter a fortress, but most exposures are internal. Spending time documenting your security holes within the organization may influence organizations with lax rules to tighten their belts on security processes, access, and define what is and what is not confidential.


Keeping the Lights On When Your Cloud Provider Can’t.

Does your organization have a business continuity plan as well as a disaster plan if your SaaS provider goes belly up, for whatever reason: it goes out of business, abruptly turns out the lights, catastrophes, server crashes, data breaches? If you don’t, why not?

In IDG’s white paper ‘When the Cloud Evaporates’, sponsored by Iron Mountain, one-third of the survey respondents said they had subscribed to mission-critical SaaS applications and the provider did not meet expectations of support. What was the result? I guess it was quite a surprise and some organizations were totally unprepared. According to the survey, the organizations:

•“Transferred workload to another vendor and filed a lawsuit
•Caused numerous setbacks and problems
•Incurred costs
•Needed to find a tactical solution until a long term strategic solution could be put in place
•Scrambled to pick up the application, provide on-going maintenance, and engage in an alternative partners
•Some solutions have had to be done in-house as work arounds”

In any event, not a pretty situation. IDG recommends more than just a business continuity plan and a disaster plan. “You need something more: a business continuity strategy that works in any situation not addressed by the provider’s Disaster Recovery strategy. This gives you access to your applications and data to keep the lights on even if your SaaS provider can’t.”

This was a short white paper, but very interesting. I would recommend reading it if you do have business critical SaaS applications – or even if you don’t but are thinking about the cloud. (Registration is required)
