{"id":934,"date":"2015-02-06T15:40:38","date_gmt":"2015-02-06T15:40:38","guid":{"rendered":"http:\/\/192.168.126.99\/wordpress\/?p=934"},"modified":"2015-02-10T16:00:21","modified_gmt":"2015-02-10T16:00:21","slug":"security-the-ugly-child-of-it","status":"publish","type":"post","link":"https:\/\/www.juliangrayconsulting.co.uk\/?p=934","title":{"rendered":"Security: The Ugly Child of IT?"},"content":{"rendered":"<p>For many, security is the ugly child of IT. When people start to consider security, it\u2019s often as an afterthought or, at worst, a necessary evil.<\/p>\n<p>Thankfully attitudes are changing. Recently a series of high-profile cases has focused companies\u2019 attention on the need to protect their own data and, perhaps more importantly, their customers\u2019 data.<br \/>\nIn particular, the recent highly publicised attack on Sony\u2019s IT infrastructure demonstrates an insidious form of attack in an increasingly connected world: one aimed deliberately and exclusively at damaging an organisation\u2019s credibility by compromising the privacy of its employees or customers.<\/p>\n<h3>Security and Credibility<\/h3>\n<p>Many organisations have long since appreciated that the damage to a company\u2019s reputation caused by security breaches is the single biggest threat to their credibility.<br \/>\nThe Sony case and the recent leak of US diplomatic cables have both highlighted the fact that organisational embarrassment alone is now a powerful weapon when wielded by malign hands. In both cases the data was released into the public domain through the supposed anonymity of hacker groups.<\/p>\n<h3>&#8220;Only a fool learns from his own mistakes. The wise man learns from the mistakes of others.\u201d<\/h3>\n<span class=\"header-desc\">Otto von Bismarck<\/span>\n<p>The \u2018Cablegate\u2019 affair was <strong>not<\/strong> a sophisticated attack from an externally acting agent. 
The culprit was a rogue individual within the organisation who simply abused the access that he might legitimately have been said to have required for his role.<\/p>\n<p>Could simple mitigating controls have reduced the impact of this security breach?<\/p>\n<p>If the careful segregation of data on a need-to-know basis is the principal risk-reduction method in an organisation\u2019s armoury, mitigating controls should be the second line of defence.<\/p>\n<h3>Could pre-emptive action have been taken if simple mitigating controls were in place?<\/h3>\n<p>The US deliberately loosened rules regarding the segregation of data after 9\/11; the objective was to improve information sharing and, ultimately, the effectiveness of the security services\u2019 analysis. While these were worthy aims, it could be suggested that the corresponding compensating controls were neglected. Such controls could have provided oversight of the extraordinary amounts of data being downloaded by this individual.<br \/>\nThe \u2018Cablegate affair\u2019 compromised people who had provided information to the US security services and to whom a duty of care was owed. The reputation of the US government has suffered as a consequence.<br \/>\nYour reputation hinges on protecting your customers\u2019 data.<\/p>\n<h3>Secure companies are trusted companies<\/h3>\n<p><strong>Ultimately, a vigorous approach to securing your organisation\u2019s data is an important part of building confidence and trust with those with whom you work; <em>secure organisations are professional organisations<\/em>.<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>For many, security is the ugly child of IT. When people start to consider security, it\u2019s often as an afterthought or, at worst, a necessary evil. Thankfully attitudes are changing. Recently a series of high-profile cases has focused companies\u2019 attention on the need to protect their own data and, perhaps more importantly, their customers\u2019 data. 
In [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1011,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"categories":[3,6],"tags":[],"_links":{"self":[{"href":"https:\/\/www.juliangrayconsulting.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/934"}],"collection":[{"href":"https:\/\/www.juliangrayconsulting.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.juliangrayconsulting.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.juliangrayconsulting.co.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.juliangrayconsulting.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=934"}],"version-history":[{"count":37,"href":"https:\/\/www.juliangrayconsulting.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/934\/revisions"}],"predecessor-version":[{"id":991,"href":"https:\/\/www.juliangrayconsulting.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/934\/revisions\/991"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.juliangrayconsulting.co.uk\/index.php?rest_route=\/wp\/v2\/media\/1011"}],"wp:attachment":[{"href":"https:\/\/www.juliangrayconsulting.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=934"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.juliangrayconsulting.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=934"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.juliangrayconsulting.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=934"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}