Information security, network security continues to worry businesses and governments as well as hackers have repeatedly shown how they can break into any network to shield anything Security security. Hereon problem is the security situation is becoming more and more complex, making it extremely difficult for organizations to protect their networks on the cloud and on premise. Any breach in the company’s network resulting in negative publicity, lawsuits and loss of business. The vulnerability has tarnished the image of many organizations including banks, retailers and online companies, among others in the last few years. All of us have read about Ashley Madison, Sony Pictures, JP Morgan Chase,… Here are some of the cases that managed to surface in the press. It is believed that so many are not notified when companies want to maintain silence and absolute secrecy about them.
With security landscape and challenges, Dataquest talked to David DiCristofaro, partner – advisory services at KPMG, said how businesses can deal with security threats. Excerpts:
- How can you diagnose a potential security disaster in an organization?
Organizations are often challenged with hacking and breach into their networks. However, the thought is mainly focused on the control and prevention of them are slow to learn from the incident. Ability to handle violations or security incidents more important in today’s world, because it is next to impossible to build digital fort knox. Whatever steps you take, any solution that you make or any shield you create, hackers have succeeded only once. What sets you apart is your reaction to network incidents. It is better that the process is set up to deal with security incidents. The ongoing hacked or attacked is the best security measure any organization can take.
- Everything in IT are getting simplified, except for security. There is a hope that ICT will become inherently safe in the future?
IT systems are becoming quite simple and easy to use while they are getting complicated in the back. With the increased complexity on the back end, there are increasing opporuntities the system becomes vulnerable. With time, the focus of security requirements beyond normal since the world is increasingly getting more connected. Enterprises need to implement network security is “board-level agenda” means CXOs need to consider risk as business risk Cyber, otherwise the organization will not be able to deal with this risk in a comprehensive manner. CEO and CXOs must be in active dialogue with CIOs and CISOs around the theme of security.
In addition, businesses today is not the only reality, they have other relevant including vendors, service providers, agencies and partners, etc. So simple volume control can led to the final network issues.
- What security have to do business with people or people? How the manager in any organization can help minimize the security risks?
Enterprise security has many components and one of the main components (which are also the most exploited) are related to human factors / persons. The challenge for the human risk is that it is unpredictable and it is almost always complicated with a lack of awareness.
Social Engineering / Phishing has emerged as one of the ways that attackers use to break in business systems / information, by gaining access to sensitive information via gullible person / uninformed. Risk beyond the boundaries of the enterprise, through service providers and third parties of their resources / personnel, who have access to information.
Another area that organizations need to be mindful that the resources are being made to implement ethical attacks (hackers hired by the company to break into their networks to the problem can be identified and fixed before they hurt companies) have been evaluated for their platform, yet there are situations where the attacker does not report to the enterprise vulnerabilities and exploit them in disguise into a different person.
- How businesses can deal with the challenges that emerged after the hybrid cloud adoption? Dealing with personal and public environment makes managing complex, right?
Cloud through no longer a question that might get a negative reaction by security considerations. It has become an important component in the organization to leverage the power of cloud computing and ensure that the relevant security controls have also been implemented.
Organizations must work with service providers to protect the environment of their cloud computing, especially at a time when the BYOD (Bring Your Own Device) has been a tendency to be accepted globally. Organizations can identify applications that can be hosted in the public cloud and private environment. They can deploy the full class to limit the risks of potential data theft. Most important data can be limited to the private environment.
Most important part of the journey to the cloud is no different than the kind of partner you are working. Organizations should work with providers of cloud computing reliable, experienced and reliable. We believe that only mature markets reliable partner will have problems in the cloud computing journey. With the rise of the last trusted partner, the cloud will be more secure in the future.
- The best way to deal with the theft of cross-border on-line is what?
Cross-border networks theft is a real and organizations need to be prepared to deal with them. The emerging challenges that large global organizations went out between the region and open subsidiaries to exploit the resources, skills, and tax advantages are times, however, the organization this has now hit with the reality that it can also expose them to increased cross-border network threat / crime. The complexity is enhanced by a law that is not common standard to deal with the incident and in the virtual world any way it becomes extremely difficult to establish the real identity of the individual.
Organizations need to recognize this risk as part of the construction activities and environmental BAU full control to deal with each other.