Consumer confidence in the digital marketplace is driving the growth of the online market and directly contributing to the mountains and mountains of data being created each day. In our previous post, we looked at some of the benefits mandatory reporting brings and why hiding a potential data breach hurts everyone in the long term.
In the next post of the series, partially inspired by the celebrity iCloud hacking and the Snapchat data breach that came to light recently, we look at why we need to move information security into the mainstream, not just in the media but also in the offices where we work.
Moving Info Sec into the mainstream
Too many people do not understand what information security actually is and even fewer understand how to implement a system to protect information effectively—this needs to change. By 2020, it is estimated that there will be 20 billion devices connected to the Internet. That is 20 billion targets for hackers and 20 billion potential data breaches.
Information security is not about secure data centres, security patches or passwords—these are simply elements of information security. Information security is about making sure information is kept safe, secure and is easily available to the right people.
By raising awareness of what information security is, one would hope to prevent accidental exposures and to close the weakness in systems, which is so often a lack of training, a lack of appreciation and ignorance.
I see this work every day of the week. When an organisation starts to look at their own information security, they are more mindful of their actions. Although it’s a very basic concept, just by getting people to be aware of the risks and by being alert to the dangers, we could see a significant reduction in data breaches.
This isn’t to say that I want to see warnings in the media every day of the week; nothing could be further from the truth. Articles saying that you can never trust a USB device again or that all passwords must be changed are just two examples of the hyperbole-filled, overly dramatic misinterpretations of digital insecurity. Consequently, when these apocalyptic predictions do not come true, it makes people mistake the actual dangers posed.
“Bad things happen to good data every day,” said Paul O’Donovan, lead auditor at Certification Europe. “How can you reduce the risk of your information being a statistic in tomorrow’s latest data breach? Two words – Think Different.”
“Give your information a nominal value and treat it like you would a €5 note. Every time you are asked or input your name, DOB, address, photos or any other information, just think: ‘They are asking me for €5. Do I trust them? Will they keep my €5 safe? Where are they putting it? Can I access my €5 when I want to? Can I get all my money back when I want it?'”
The goal in all of this is to get people asking questions about where their information is, what it is being used for and to take responsibility for the data they generate.
About the Author: Michael Brophy is Founder and CEO of Certification Europe – a group of accredited certification bodies founded in 2001, which provides ISO Certification and Inspection services to organisations globally. Michael is a graduate of the University of Ulster and the Universidad de Zaragoza (Spain), with a Master in European Policy and Regulation at Lancaster University, and is one of Ireland’s leading authorities on standardisation. Michael has a wealth of experience in Information Security and Business Continuity Management Systems implementation for Government, military and various business sectors (pharmaceutical, Telco, financial, IT and security printing sectors). Michael is also Chair of the Association of Accredited Certification Bodies (AACB).
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.