Nov 10, 2017
Security breaches are occurring left and right. Every organisation is exposed to information security risk, but many still only deal with security issues after a breach has occurred, rather than being proactive. This can be extremely damaging to an organisation's reputation.
What's The Impact?
According to "The Reputational Impact of IT Risk" -- a whitepaper by Forbes & IBM:
- 46% of organisations suffered damage to their brand reputation and value, as a result of a security breach.
- 19% of organisations suffered damage to their brand reputation and value, as a result of a third-party security breach.
According to a survey of 843 executives conducted by The Ponemon Institute, it takes on average a year to restore an organisation's reputation after a security breach. The same survey revealed that depending on the type of information lost in a security breach, the average damage done to a brand ranges from $184 to more than $330 million -- at best, brands lost 12% of their value after a breach. That's significant. All it takes is for one of your development teams to leave a vulnerability in a piece of software they've created, and you have a potential brand disaster sitting on your hands. To make matters worse, attackers get more sophisticated every year. More people have access to computers and the internet, which means more attacks. If your company isn't taking security seriously, then it's only a matter of time until your brand suffers.
What Can Be Done?
Training for Developers
Almost every large organisation now develops software in some capacity, which means they hire software developers. Software developers need training, or they develop software rife with vulnerabilities. Vulnerabilities that in today's environment will often go on to be exploited. Training software developers is vital, and I discuss the issue in more detail in this post.
Security Awareness Training
All organisation employees need to not just be aware of security risks, but also know how to reduce the risks. An effective security awareness training program can accomplish this.
Penetration tests are tests performed by security professionals against a company as a whole, or individual systems/networks. Simply put, a professional is challenged with trying to compromise your organisation. A penetration test will always reveal improvements that can be made to reduce the risk of breaches.
Special Software & Hardware
There are hundreds of different pieces of software and hardware you can use to improve security, however such software and hardware should be treated as a final hurdle, rather than a fundamental part of your organisation's security. Whilst security software and hardware can stop some software vulnerabilities from ever being a problem, they can't stop everything, and there is a real risk that firewalls, anti-virus software and similar are seen as a one-stop shop for security. Nothing can replace adequate training and frequent testing.