Security The Ugly Child of IT ?

February 6th, 2015   •   no comments   
Security The Ugly Child of IT ?

For many security is the ugly child of IT. When people start to consider security, it’s often as an afterthought or at worst a necessary evil.

Thankfully attitudes are changing. Recently a series of high profile cases have focused company’s attention on the need to protect their (and perhaps more importantly), their customer’s data.
In particular the recent highly publicised attack on Sony’s IT infrastructure demonstrates an insidious form of attack in an increasingly connected world: those that are deliberately and exclusively aimed at damaging organisations credibility by compromising its employees or customer’s privacy.

Security and Credibility

Many organisations have long since appreciated that the damage to a company’s reputation caused by security breaches is the single biggest threat to their credibility.
The Sony case and the recent leak of US diplomatic cables have both highlighted the fact that organisational embarrassment alone is now a powerful weapon when wielded by malign hands. In both cases the data was released into the public domain through the supposed anonymity of hacker groups.

“Only a fool learns from his own mistakes. The wise man learns from the mistakes of others.”

Otto Von Bismark

The ‘Cablegate’ affair was not a sophisticated attack from an externally acting agent. The culprit was a rogue individual within the organisation who simply abused the access that he might legitimately have been said to have required for his role.

Could simple mitigating controls of reduced the impact of this security breach?

If the careful segregation of data on a need to know basis is the principle risk reduction method in an organisations armoury. Mitigating controls should be the second line of defence.

Could pre-emptive action have been taken if simple mitigating controls were in place?

The US deliberately loosened rules regarding the segregation of data after 9/11, the objective was to improve information sharing and ultimately the effectiveness of security services analysis. While these were worthy aims, it could be suggested that the corresponding compensating controls were neglected. Controls could of provided oversight to the extraordinary amounts of data that was being downloaded by this individual.
The ‘Cablegate affair’ compromised people who had provided information to the US security services and to which a duty of care was owed. The reputation of the US government has suffered as a consequence.
Your reputation hinges on protecting your customers data.

Secure companies are trusted companies

Ultimately a vigorous approach to securing your organisation data is an important part of building confidence and trust with those who you work; secure organisations are professional organisations.

JOIN OUR NEWSLETTER
Join our mailing list, receive our free newsletter. . We publish interesting articles every month that help businesses improve their SAP security. Each month a lucky subscriber wins a copy of the Syngress SAP Security Configuration and Deployment guide
We hate spam. Your email address will not be sold or shared with anyone else.