Security is a term that was not so popular a decade ago. Earlier, security was understood in terms of financial safety and home safety. Now the term plays a huge role in the Information Technology sector and is gaining widespread importance. Security tops the priority list of almost all CIOs. Data breaches and cyberattacks concern top decision makers on a daily basis. In 2015, the average cost of a data breach went up to £2.37 million.
Last year, in 2015, the percentage of security incidents rose up to 38%, and even high-profile companies were among those affected. A recent leak of login credentials of Twitter users signifies the rise of cyberattacks. This year is no different, with attackers constantly on the lookout to steal valuable business data.
Planning for the predictable
Organizations should take preventive steps to ensure a breach doesn’t take place, but today’s cybercriminals are smart and use sophisticated techniques, which means that in reality organizations are also planning for a predictable breach. On any given day, many organizations are likely to face a large number of attacks, and the sad truth is that at least one attack will be successful.
Organizations should adopt new approaches to dealing with cyberattacks so that risk is reduced and the costs resulting from a breach are minimized. Preventive measures are a prerequisite of properly framed IT security. However, preventive measures alone are not enough. More focus should be given to detection and damage limitation. Organizations should think not from an “IF” perspective but from a “WHEN” perspective, thereby limiting the damage hackers can cause.
More investment should be made in detection tools that help identify a breach sooner. The time an enterprise takes to discover a breach will become more interesting to customers and regulators, and hence detection will logically take a more noticeable role in IT security measures. It becomes a public indication of an enterprise’s vigilance: when the time between breach and detection runs into months or even years, significant damage is eventually caused to the enterprise’s reputation.
When more focus is given to damage limitation, it helps in mitigating the effects of a security breach. The detect-and-devalue approach requires some innovative thinking from top-level decision makers down to administrators of IT systems. To this end, more brainstorming sessions should be held to identify the worst breach scenarios and the solutions that can be developed for them. This will help the enterprise properly shape its preventive steps, limit the damage, and ensure the success of the detect-and-devalue policy.