Recently, another big breach story took over the headlines and reminded executives of just how important risk management is for their enterprise: “Russian Hackers Amass Over a Billion Internet Passwords.”  Not only is this incident a nightmare for users who have sensitive data on the web, but it is also a major indicator that businesses are not securing their sites’ databases.

Most of the coverage you will find on this mega breach highlights what data was stolen, how this could happen, and the repercussions for businesses and users.  You will also find some controversial messages; one in particular questions the validity of the breach.  Whether the breach smells fishy or not, hackers managed to breach 420,000 Web and FTP sites!  This means that many websites had vulnerabilities that allowed hackers to gain access to databases and take what was on them.

Today, every business knows how valuable data is; it is the new gold mine for thieves.  Even more concerning is the fact that it is also a way for countries to attack each other (digital war).  Personal, company and government data holds information that allows whoever gets hold of it to access your money and your identity, make ransom demands, get into your system, shut down a city’s power grid, and so on.

Businesses can keep thinking that a breach won’t happen to them and that their security posture is fine just the way it is, but the headlines demonstrate otherwise.  Just this year we’ve seen multiple companies that had the resources to invest in security get breached (you remember Target, Neiman Marcus, and eBay, to mention a few).  What will it take for CEOs, CIOs, the C-Suite and all business decision makers to deal with the “Why” of security?  To do what is necessary to protect their businesses and customers?

If major data breaches aren’t enough to get security to the top of the priority list, here are some additional reminders of why a proactive security approach is the only way any organization is going to secure its environment and protect its customers:

  • In case you didn’t know, 90% of all information security vulnerabilities are found in applications.
  • Most organizations do not identify, measure, or understand application security risks.  Do you?
  • Also, studies show that continuous monitoring of the network, applications, and servers is not taking place. Are you sure you haven’t been hacked?

Security professionals and CEOs keep catching glimpses of what could happen to their business if security is not a priority. So the bigger question is: How are you going to spot vulnerabilities and risks, if your eyes are not looking for them?  The answer is: You’re not going to, at least not until it’s too late.

Do you want to be the next breach story or do you want to protect your enterprise, personnel, customers and intellectual property? Hopefully, your answer is the latter, to protect.

What measures are you taking to establish a holistic information security posture?

 
