The true cost of a data breach (Part Two)

Last week’s Cost of a Data Breach Study update had one particular statistic that stuck with me and to which I keep being drawn when discussing it with others. In the UK study, they discovered that where an organisation that suffered a breach had a Chief Information Security Officer (CISO) or someone with the equivalent level of responsibility in place, the cost per record dropped by an average of £18. I think the key word in the previous sentence is “responsibility”, for a few reasons.
Firstly, we have the increasing number of fines and penalties that can be applied to the individuals involved in failing to deliver against expectations. These have gone beyond the original highly regulated industries and out into the broader business context. With the coming updates to EU legislation, it’s likely to get more attention in the boardrooms of Britain, not less.
Secondly, and contrary to popular thinking, stopping data loss and protecting the key information assets an organisation has goes way beyond using scanners to prevent credit card details being emailed out. Primarily, it’s not a technical problem; it’s a people-process-technology challenge.
In the past, I have heard people-process-technology likened to a three-legged stool: you can’t remove any one leg without falling off! That is a fair comparison but, for me, the ‘people’ leg of this stool is the most critical starting point. People have negotiation skills. People have perspective. People drive change.
When it comes to the role of technology in stopping data loss, I view it as an exoskeleton for the people involved. That may sound a little sci-fi, but what they need to be able to do is say “this stuff is important, please tell me how it’s being used, where it’s going and who uses it”. Technology enables them to reach into network pipes with gigabits of data pumping through them. Technology enables them to piece together a process involving four employees and an outside contractor. Technology enables them to see that the HR director does not like using the VPN from his second home in the Cotswolds.
The reason I view it as an exoskeleton is that the knowledge of what’s important comes from the people involved, as does the appropriate response and the negotiation to get from where they are today, to a more secure future-state.
The relentless growth in information and systems shows we’re not moving towards a state where data loss won’t happen any more. However, this report shows that if you put someone in charge with the responsibility and authority to make change happen when it does occur, the impact on an organisation’s bottom line is significantly reduced. I’m happy to predict the gap between those that take it seriously and those that stick their heads in the sand will only get larger in the coming years.
The Magnificent (Windows) Seven

The wild west forms the backdrop for our latest video on Windows 7. Shot from the hip we warn y’all how to avoid the bandits associated with migrating to this hotshot platform.
For an IT manager working to migrate to Windows 7, Symantec provides the silver bullet to help you ride off into the sunset. Check out our new video to see what I mean, partner.
Symantec Unveils Plans for Lunar Data Centre

READING, UK. – April 1, 2010 – Symantec Corp. has today announced the purchase of two acres of land on the Earth’s moon as the build site for its new state-of-the-art ‘Data Centre of the Future’.
“Symantec has a long history of preventing data from disappearing into black holes. This move is the culmination of a vision to move Symantec from Cyberspace to real space” said Buzz Norton, a spokesperson from Symantec. “This project may be one small step for Symantec, but one giant leap for the next generation of data centres.”
The new facility will benefit from the latest green technologies for power and cooling, taking advantage of the moon’s lack of air and freezing temperatures to keep the data centre cool and utilising solar light to power the centre. “This data centre will be the greenest (or in moon parlance, the whitest) in the galaxy and will run without an earthly carbon footprint” said a sustainability expert too embarrassed to be named.
The lunar data centre will benefit from the next generation of security protection since it will be built out of reach of earth-bound elements and threats. It will communicate with earth via secure wireless transmissions. Buzz Norton concludes: “This level of security will totally ‘eclipse’ anything we’ve seen before.”
Forward-looking Statements: Any forward-looking indication of plans for products are clearly fictional and should be considered a joke. Any future release of the product or planned modifications to product capability, functionality, or feature are subject to ongoing evaluation by Symantec, and obviously will not be implemented in the foreseeable future, if ever, and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.
Photo by Flickr user penguinbush, licensed under CC BY 2.0.
@ By Design

Snail, pig’s tail, monkey’s tail, little mouse… just some of the alternative names for the ‘@’ symbol, depending on where you are in the world. Of course, we all know it as part of an email address, or from Twitter. OK, so what’s this post all about? Well, the ‘@’ symbol has just been elevated to the giddy heights of the architecture and design collection in New York’s Museum of Modern Art (MoMA)… which marks it out as something a bit special in the design world.
It first appeared on the typewriter in 1885 and was mainly used as accounting shorthand for ‘at the rate of’. It was then used in the first email address in 1971, when the programmer wanted something to designate the user ‘at’ a particular computer. The @ symbol fitted the bill perfectly.
So the next time you send an email, remember you are now using a design classic at the same time.
Guy Bunker
Getting your money on the move

A report from ABI Research has forecast that about 244 million people worldwide will be using their mobile devices to carry out financial transactions with their banks. Indeed, Asia (with India taking a strong lead) is already pushing this technology forward.
Needless to say, while the move towards mobile banking is a positive one, and almost certainly something that we’ll all get a chance to participate in over the coming years, it also opens the door to more security concerns. Back in September, Symantec’s Ray Greenan and Matts Aronsson spoke to TMCnet about just that.
What is clear is that the more valuable information is stored on mobiles, the more of a target they become for cybercriminals. Data such as bank account numbers, credit card details, passwords and telephone numbers can all be sold on the underground economy.
For the banks that are rolling this out, it will be important that, as part of their due diligence, they put adequate security measures in place and, vitally, educate end users on how to stay safe.
Social approach to the General Election

As the country gears up for the impending General Election, the question of what role social media will play in targeting the increasingly web-savvy population is growing in importance. Of course, this isn’t a war that will be fought and won solely online, but there is no denying that, with projects such as WebCameron and the Labour YouTube channel, the battle lines are being drawn both on and offline.
The victory of President Obama was credited in part to his presence on and use of social media tools such as Twitter and, although, as David Worsfold points out, it will have an impact on the UK campaigns, it is unlikely to play a pivotal role.
Using social media for any campaign throws up a host of potential security issues, as we covered in our Security Response blog back in September. Of course, many users will be well versed in social media and know to click only on links from trusted sources, but there is likely to be an influx of new users who try out social media on the back of these high-profile campaigns.
Cyber criminals are getting increasingly savvy and are sometimes able to infiltrate official streams in order to trick users into clicking on malicious links. It is vital that both veteran social media users and newbies understand the risks as well as the benefits in order to get the most out of the web in what is set to be one of the hardest-fought elections in recent times.
Live Free Or Die

UNIX is 40 years old… where has the time gone? OK, so my first interaction with UNIX was in the early eighties and, being used to VAX VMS, it all seemed rather counterintuitive. ‘vi’ (pronounced ‘v’-‘i’, not ‘vi’, as I was very quickly corrected) was alien beyond belief compared to EDT… you could lose everything with one misplaced keystroke, or more usually one missed ‘ESC’. As an OS, the more you did with it, the more it could do… and it’s still around us today; it’s just that people don’t realise it, as ‘UNIX’ has disappeared and we now talk about OS X, RedHat, SUSE and so on.
Anyway… The Open Group has commissioned a re-run of the classic ‘Live Free Or Die’ UNIX license plates, and there’s even a photo competition for those who feel inclined to take pictures of the license plate in the wild. Send pictures to uniximages@unix.net; you can see those already submitted on Flickr.
Happy Birthday UNIX.
Guy Bunker
Blogging

There’s a good article in this month’s CIO magazine on how to create a successful blog and, while I am in there with some of my thoughts, there are also some other excellent points (which I have made a note of), including some from Phil Windley, who has one of the most interesting blogs around (it features in my Blogroll).
The article isn’t (as far as I can tell) available on the web yet – so you will have to hunt down a paper copy for now.
The Truth, You Can’t Handle The… Privacy

So, Barack Obama, soon to be the world’s most powerful man, is going to give up email and his Blackberry. Why? On security grounds, and because everything he does, or will do, will be open to public scrutiny, and that will include email. Let’s take the security issue first… there is technology out there that locks these devices down, encryption to protect the data and policies which ensure that the wrong people can’t get access, and if a device is lost it can be remotely wiped and destroyed… so security really isn’t an issue.
How about the public scrutiny? Is this because we no longer trust anyone to do the right thing, or is it because we want to be able to criticise everything at every point along the way? Whatever the reason, it seems wrong to take it to the point where the most effective means of communication in a global society is removed from the person who could probably do with it the most.
The answer… I wish there was one… they say he might still receive email, just not be able to send it (what was the security argument again?). A pretty lame suggestion, a bit like having a pen but not being allowed the ink; after all, won’t he just ask an aide to send the reply? I suspect 99% of emails will have been sorted out and filed before he even gets to see them. Obama has young children and, while they are not yet texting or emailing or sending instant messages, they will be by the end of his term of office. How ridiculous to prevent him from being able to communicate with them that way in the future… as that seems to be the best way to stay in touch with not only your children, but also friends and family as well.
The invasion of privacy (both business and personal) is tough for anyone in the limelight. Time to put some trust back into the system. Electronic communication is now commonplace in a social environment as well as a work one, and often the same devices are used for both. A little more trust in people is needed to help in this combined work/life electronic world, from the US President-Elect all the way down the tree to the rest of us; a little more thought about what we do personally in work time and on work devices would also be good.
Information Overload… I’m Out Of The Office

I had to laugh when I read the story about the email ‘out of office’ message ending up on a sign. But it also indicates an interesting problem: we get email all day, every day, and presume that the replies we get are correct… without a second thought. As the numbers go up, our ability to respond to them properly or adequately goes down.
Dr. Herbert Simon, a Nobel Prize winner, said it best: “What information consumes is rather obvious: it consumes the attention of its recipients. Hence a wealth of information creates a poverty of attention, and a need to allocate that attention efficiently among the overabundance of information sources that might consume it.”
Email is an essential business tool and provides a lifeblood of information, but we need to continually revisit how we achieve quality rather than quantity.