First Pre-Cyber Breach Mistake: Insufficient Information Security Independence
Information security is sometimes at odds with IT’s goal because many things that IS wants to do may slow down IT. The risk is that the calls are made in favor of IT and against IS.
There is always a before and an after. Sometimes, in the world of cybersecurity, it can feel a little more like ‘before and an aftermath’ as organizations deal with fallout from a cyber breach. Whether the bad actors made off with data, money, or both makes no difference – in the end, any organization hit by a cyber attack MUST recheck their security from the inside out.
So, what can organizations do to protect themselves from the problems and exposures inherent in cyber breaches? To start, it is worth checking in on your organization’s basic cybersecurity measures, such as the chain of command for IT and how IS integrates. As the old proverb goes, forewarned is forearmed.
In the world of befores, there is plenty of time to plan and to react, so it makes sense to look at how your security function is positioned in the organization. Most companies find that their Information Security (IS) team is at odds with IT because InfoSec projects aren’t aligned with IT goals. IT’s job is production, and anything that interferes with production is a problem. Organizations also tend to have their information security function either embedded within or reporting upwards to the IT department. This is considered a suboptimal structure, which should receive some reconsideration as the frequency and severity of attacks rise. Moving the IS team out of the IT department is worth considering.
Organizations are storing more data than ever before, mainly in the Cloud. The number of things businesses have to protect has grown exponentially, which has expanded attack surfaces for hackers. The problem is pervasive, and the criminals are incredibly successful in the attacks they generate. In order to fight back, organizations must be updated, informed, and ready to counter threat actors in real time. While simply knowing what your security plan is won’t be enough, it can and should be the first step in any security overview.
Want to get your organization on the right side of the cyber security percentages? Contact Idenhaus now for a security check-in, shake-up or to start the journey from the first steps. Whether your organization is just starting or just needs the plans looked over, Idenhaus has the tools and skills to keep your security up to date and ready to respond.