Last week another two breaches were in the headlines: the Community Health Systems, Inc. breach, where data of 4.5 million patients were taken; and the United States Nuclear Regulatory Commission. Instead of tuning out the news coverage (which can happen due to the multiple breach stories coming out); what are some of the takeaways security professionals and business executives can take to decrease their risks?
The first takeaway is the types of facilities involved: healthcare and critical infrastructures. Hospitals and energy systems are fundamental to lives and the function of a city (not to mention a country). In fact, these organizations should be fully committed to the best security posture they can possibly establish; not only for their business, but for the people that depend on their services. Obviously, no system is perfect, but if you are holistically proactive with your risk management approach, and not using solely technology or process, you are more likely to succeed in protecting your data. What this means is that organizations need to implement the whole nine yards: security technology, security teams and consultants, policies and training, continuous monitoring, incident response plan, and so on.
A second major takeaway is the change in the level of damage attacks can have on businesses (soon entire cities, smart cities). Everything we depend on (to run our day to day lives) is online, in the cloud, in a data center. Medical devices are going wireless, power grids are run through remotely accessible systems, cars are also being built with remote control characteristics, and so much more. Criminals of all types know this, and whether for monetary or other reasons, will be interested in accessing these data hub and control systems.
Security involves technology and innovation. Those same systems can count against an enterprise. Overall, the security industry needs to keep looking for ways to resolve this technological paradox, but business executives need to play their part too. The sooner industry leaders realize they can not solely rely on a software system or firewall to protect their business, the sooner they will get closer to minimizing a truly catastrophic situation.
Sometimes the news can create a lot of hype with their shock titles and fearful tactics, but the danger is very real. Knowing about risks such as the Heartbleed bug (which has been implicated in the Community Health Systems, Inc. breach) or looking at industry reports (such as the recent Ponemon report on critical infrastructures) can point executives and security professionals in the right direction.
Take the learning lessons from breach news to bring your business one step closer to security, one step closer to protecting those who depend on you; to do what’s right for your business and what you should be doing if you are a leader in your industry.
Photo Courtesy of Tashatuvango