SpartanTec, Inc. Columbia: Why Businesses Shouldn’t Ignore A Data Breach

According to 1E, an endpoint management firm and security firm, US companies are still vulnerable to cyber attacks and data breach despite making significant security investments.

Based on an independent survey, the report includes 300 IT security decision-makers from the US.

Cybersecurity has been receiving more attention and investment. Global spending is expected to surpass $1tn by 2021. However, the report stated that the largest gaps remain in plain sight.

More than three quarters (77%) of respondents think they aren’t prepared to respond to serious data breaches. 60% reported that they have suffered a security breach within the last two years. 31% said this happened more than once.

Eighty percent of respondents claim that digital transformation has increased cyber risk. Only 23% believe that their IT operations and IT security teams work well together to protect the business. However, 97% said their organization would benefit from greater collaboration.

Over three quarters of respondents (77%) believe that remote work will remain a security threat until organizations can reach, patch, and secure remote workers effectively.

Most respondents want to see more investment in areas like software migration automation (80%), breach response and remedy (67%), or software patching (65%).

Companies must maintain a high level of cyber hygiene to avoid major breaches. This leads to a software arms race, a fierce competition between exploiters as well as the entire software industry. In a constant loop, one creates an problem, and the other builds defenses.

Kurt De Ruwe (CIO at Signify), stated that IT operations and IT security must collaborate, set common goals, and use the same toolset.

Companies are at risk because they use older operating systems and software versions without patching and without proper encryption.

De Ruwe stated that new technology was an important tool to improve IT operations. He said that live information is crucial because viruses, phishing attacks, and other things can happen at any moment. Therefore, you must be able react quickly.

Daniel said, “Too often I see organizations spend far too much budgets and resources on expensive tools.” “But the problem is not always about a lack of technology. It’s often the absence of a cohesive relationship among IT security and IT operation, which can lead to gaps in an organization’s security profile.

While you cannot eliminate your cyber risk completely, you can reduce your risk profile by combining IT and cyber security operations.

10 ways to reduce an organization’s risk of data breach

1.) For pragmatic security and operational needs, align goals closely with the business.

Identify which IT systems are the most important for business operations.
Recognize systems that can be retired in order to increase efficiency and reduce security requirements.

2.) Establish shared goals and responsibility for IT security operations and IT security:

Get 100% asset visibility
Upgrade and patch are based on a set of agreed KPIs.
Make sure your most important assets are updated and patched as a top priority.
If you are unable to patch or update, mitigate the vulnerabilities.

3.) Automated patching and updates to the greatest extent possible

Reduce the need to intervene when possible.
Remote workers can self-serve OS upgrades, which will reduce IT’s burden.
Allow operational and security tasks can be performed in real-time at every endpoint, without users being distracted.

4.) Provide transparent progress reporting to IT and security teams

Make sure everyone is able to see the progress toward the visibility and patching goals.

5.) Report consistent information to the board on security status

Establish a Key Performance Indicators driven framework to report to the board that raises awareness about security posture.
Both IT operations and IT Security should be held accountable for the achievement of and reporting on these KPIs.

6.) Join a cyber-information sharing organization relevant to your industry

You should ensure that your IT operations and IT security personnel have the most current threat information.
Based on this threat information, adjust your security and operations.

7.) Identify the person responsible for which actions in a cyber-incident

Create a shared plan for incident response and recovery.
Rehearse such eventualities.
Incorporate the technical response activities into your company’s overall incident response plan.
You must be able to recover from cyber-incidents when they happen.

8.) How to break down communication barriers

Managers should communicate their priorities and goals.
If possible, physically locate IT operations and IT Security together.
Encourage regular communication between IT operations personnel and IT security personnel.

9.) Consider co-managed services

Co-managed services can take the burden of IT support off your internal staff
Outsourcing some of your IT operations insures you are current with the latest threats, techniques and security monitoring.

10.) At least once a year, update your action plan, KPIs, and priorities