At this point, everyone has learned of the Equifax breach. Emotions run high after a major breach. Speculation about major lawsuits and fines creates chaos for publicly traded organizations. Most organizations’ CEOs, when apprised of the Equifax breach, probably asked their staff for an update on their own internal security posture. Even though emotions are high right now, now is not the time for major action. It is a good time, however, to reflect on your own organization’s security posture.

It’s difficult for IT organizations to admit their own shortcomings in security. In some cases it might be neglect, but in many cases it is due to a lack of knowledge. Most security organizations within a company are overworked and understaffed. Sorry, Mr. CEO. Security is a pure cost of doing business. It neither increases your revenue nor decreases your costs. Reality has changed for all organizations. Security must have a deliberate strategic plan. Failure to adequately secure your organization can put your business at great risk.

Every organization should have an independent assessment of its security posture and how it compares to that of its peers. These reviews should recur periodically as the security landscape changes. We as business owners shouldn’t wait for security to be legislated to us before we act. Don’t assume that everything is fine. As cyber security consultants, we hate hearing, “This can never happen again.” Each successful organization must come to the realization that it will be breached or has already been breached.

After a breach, the tendency is to start throwing security products and tools at the problem. In most cases this just creates more of a vulnerability than before. We believe organizations need to approach security from a process, people and product perspective. Too many organizations have purchased the latest in security tools and yet don’t have them implemented correctly or don’t have anyone who knows how to operate the tool. For organizations to attack this challenge, a strategic security plan should be mapped out with contingencies and dependencies. When the house is on fire is not a good time to develop a strategy.

