Subscription Center

Real-time insights from the industry leader in IT.

How to Avoid Costly Security Breaches and Data Risks

3 Jan 2015 by Christine Kern

As new, more advanced technologies make it easier for us to store and access information, this technological ease and convenience also creates new opportunities for security breaches and data risks that can affect thousands or millions of people in a single attack.

Organizations are falling victim to security breaches

It seems like every month there’s news of another notable organization falling victim to a security breach where sensitive information and data is exposed. In fact, according to USA Today, 43% of companies experienced a data breach in the past year, up 10% from the previous year. This disturbing trend has organizations scared stiff. Many are re-evaluating their technology initiatives or scrutinizing their existing technology infrastructures as a result.

There were more than 1.5 million monitored attacks in the United States in 2013, according to the IBM Security Services 2014 Cyber Security Intelligence Index. These incidents are sometimes part of complicated cyber attacks from large-scale, sophisticated sources. At other times, the massive damage is carried out in a simple, straight-forward manner. A Chinese 2013 report of government data security breaches revealed that a tax bureau employee secretly copied resident information from the bureau’s intranet onto a USB memory drive and sold it.

Organizations need to address IT risks before incidents occur

According to the article, “IT Security: The New Target For CEO Performance,” CEOs have always had very broad responsibilities. But, in the new electronic age, CEOs are increasingly responsible for their organization’s security. Failure to take responsibility could cost of organization millions of dollars.

That means that organizations need to address IT security risks before incidents occur. This includes a focus on identifying key threats, reviewing existing security risks and challenges to the agency’s data, enforcing risk management processes and common control frameworks, executing incident management processes when crises occur, and empowering proper experts to maintain regular communications about security-related issues.

But being informed about security risks is not enough. Organizations need to align their security intelligence plans with those they serve.

Apply predictive analytics to detect advanced threats

While defending your systems is crucial, the most innovative systems need to go a step beyond defense to apply predictive analytics to detect any advanced persistent threats. The data analytics also need to identify previous breach patterns to predict potential areas of attacks, keep a close eye on suspicious employee behavior, and monitor the external environment.

Security intelligence should have the 5 following capabilities

After taking proper precautionary safety steps, the most innovative security intelligence should have the following capabilities:

1.   Real-time flow analytics that can track and monitor user behavior, social media usage, mobile activity, and cloud activity, which can all be crucial areas to keep a close eye on when sensitive information is at hand

2.   Predictive analytics and pre-exploit awareness, or data mining, to identify unusual trends and patterns in behavior

3.   Anomaly detection to uncover activities and behaviors beyond what’s expected

4.   Data source integration and visualization, with collaboration among various data sources to spot threats

5.   Management of all endpoints, including mobile devices

Be proactive, and initiate preventive steps

The key takeaway is not to close the barn door after the horse has fled. Be proactive, and initiate preventive steps to avoid data breaches and other security risks that could compromise the reputation and economic bottom line of your organization.