Now that we are seeing recent and continued breaches, information security is consistently in the headlines and on a board’s agenda. What's important is that businesses focus on the real issues behind these headlines which include protecting the supply chain, encrypting personal information, ensuring controls are continually tested, and addressing the lack of skills within the industry.
What’s worrying is that many companies are not doing enough to protect themselves. Without the practical fundamentals, attacks don't need to be advanced to succeed. Our recent Global Threat Intelligence Report highlighted the need for organisations to concentrate on getting the basics right. It showed a staggering 76% of the vulnerabilities identified hadbeen known for two or more years. Nearly 10% were over 10 years old.
Businesses need to take data security seriously, recognising it as both good practice and a business enabler. They should:
- Improve internal knowledge and awareness of data security among employees, and highlight the importance and implications of what people do when accessing and using corporate data.
- Understand that this is not just technology, but people and processes too. Enforce a formal security policy and communicate it to all staff.
- Completely securing all critical data by implementing the appropriate controls to protect, detect and respond to potential threats.
- Consider working with a trusted Managed Security Services Provider (MSSP) to sift through large volumes of data and spot trends, allowing your internal resource to act quickly on closing vulnerabilities.
- Put in place an incident response plan to minimise impact and costs should a breach occur.
We continue to see how organisations react when breaches happen, but for an incident response to be fully effective, it relies on robust preparation and good practice. Processes, procedures and awareness are essential ingredients for risk mitigation, along with the right technologies to help protect from and detect any malicious activity. NTT Security’s 2015 Global Threat Intelligence Report highlighted the need for organisations to concentrate on getting the basics right. It showed a staggering 76% of the vulnerabilities identified had been known for two or more years.