THE FALLOUT OF FAILED IT SECURITY
When a systems breach occurs, executives instantly
go into high alert mode to protect their company's reputation.
But for the most part they start looking toward the IT department
with raised eyebrows.
If you are head of IT security, no doubt you will be on the
hot seat soon enough. Questions on how this could have been
avoided will be asked and ultimately someone will be accountable.
Depending on the cause and extent of the breach, the fallout can go on
for years in the form of increased oversight and compliance
as well as expenses. The real cost of a security breach
is the long-term financial impact, not the immediate remediation
costs.
Expenses from credit monitoring services, regulatory fines,
civil lawsuits, and the impact of lost customer loyalty
can run into the millions. No one wants to have that burden
on their shoulders, and future employment in IT security
would certainly be questionable.
The good news? You now know where your systems are flawed. Whether
big or small, it is certainly a wake-up call. But there is
a better and less expensive way to identify security flaws
instead of having them exploited.
Be proactive. Putting off a risk or security assessment in
favor of other projects may end up with your company in the
news. NCX Group has seen this happen again and again: a
security review is targeted for the future, but before
they get around to it we get a call from them or discover
in news reports that they've been breached. If only, if
only . . . It could have been avoided, because in a thorough
security review, you are notified immediately of high-level
vulnerabilities along with the risk they pose so you can
remediate them before anything happens. An investment in
preparedness can really pay off.
It may appear admirable and be less expensive to do a security
review in-house, but realize your company probably doesn't
have the expensive software or the security expertise to
conduct an extensive review. There's a lot at stake. You
read the news;