Hackers? Oh, We Have an Open Door Policy
I have often seen recommendations to ‘think like a cybercriminal’ in relation to protecting your organization from data breaches. It appears that this is not happening. On-premises environments have their own set of problems. So does the cloud, and the lure of what organizations saw as ‘free storage’ is fading. Where did they get the idea it was free? Organizations are slowly realizing that the cloud does need to be actively managed, but are sometimes making decisions in the dark as there is no mainstream cookie-cutter approach to life in the cloud.
In its 2018 Strategic Security Survey, Dark Reading polled some 300 IT and security leaders and found that more organizations, not fewer, expect to face data breaches in the coming year, compared with findings in the previous year’s survey. Moreover, the companies believe they are not ‘fully ready’ to protect their data against intruders. I wondered whether some of these security leaders got a massive jolt of reality. I actually agree that there will be more cloud-based business data breaches. Why not? It’s a lucrative business, the continual evolution of programs and software used by hackers is spreading, and hardware and software to support a ‘hacker-free’ environment are often unavailable as hackers’ activities get more sophisticated and continue to morph. On the business side, maybe the spend is just not there to sufficiently arm the cloud environment. Although what we don’t know is what ‘fully ready’ means. It probably means something different to each organization. In any case, a portion of their budgets should be allocated to security.
This leads me to a second observation from this report, “39 percent say their top managers understand the business risks of data breaches but aren’t sure how to quantify them. 25 percent of respondents said their top managers don’t really get how breaches might disrupt or even destroy the business, compared with 18 percent who reported a similar lack of comprehension last year. The numbers suggest that top managers are getting worse, not better, at grasping the potential consequences of data breaches.” This one borders on the ludicrous. No wonder there is now a plenitude of articles about the lack of boardroom security initiatives, as no one has told them there is a problem. At least one staff member should be able to articulate it. How about this for starters, “All your client records have been breached.” That should open their eyes. Or maybe, “You know that stupendous new product waiting in the pipeline, well, all of that information has been stolen and sold to our competitors.” An engineering nightmare. And how about, “Oh, by the way, you failed to meet the General Data Protection Regulation (GDPR) and have been given the highest penalty – 4 percent of financial revenues.” I think they should work.
In December, Netwrix acquired Concept Searching and we are now able to offer an end-to-end security solution – one that is leaps and bounds ahead of the competition and is proven to work. The Concept Searching software enables you to proactively manage any unstructured, semi-structured, or structured data, all the way down to a sentence or a phrase within a document that raises a red flag. And it also cleans up dark or forgotten data, and redundant, outdated, or trivial (ROT) information, as well as addressing Shadow IT.
Get in touch to discuss the areas in your organization that are vulnerable, and we can help figure out the return on investment. Believe me, it’s there. I am at a loss for words – that rarely happens – about the fact that top managers cannot articulate the consequences of a data breach.
It’s time to shut your open door policy.