Why action, not reaction, is the key to cyber security
It recently hit the news that US banks are accusing retailers of dodging costs when it comes to cleaning up after cyber-attacks. In an unlikely move, industry bodies representing banks are joining forces to persuade lawmakers to draft legislation to place the onus of dealing with security breaches with retailers themselves. This would mark a departure from the current status quo, which often rules banks as being responsible for these costs.
With both the scale and clean-up bill of security breaches increasing rapidly, it’s no surprise that banks are getting frustrated with footing the vast majority of the bill. This news should be seen as further evidence that businesses – and retailers in particular – need to be developing their security measures strategically, and in line with the specific threats they face.
Given that consumer tolerance for data loss is at an all-time low and that the threat landscape is developing at an increasing rate, remaining reactive to security challenges is no longer enough. Instead, businesses should be taking a proactive, strategic approach to security that identifies industry-specific threats and eliminates them before they have time to develop into more serious attacks. Consistency and flexibility is the key to doing this.
This is where industry expertise can really help, as this brings ideas together and supports the development of new security capabilities while allowing the organisation to focus on its primary goals and on driving the business forward. This is also where collaboration and information sharing, both within and across vertical markets, can be valuable.
While responding to security breaches and incidents will always remain a key function of security teams, this shouldn’t lead to knee-jerk reactions and distress purchases to treat the symptom as opposed to the underlying issue. An informed and fully-developed security strategy that identifies threats at the outset, coupled with on-the-spot measures, is what business looking to full take control of security threats need to implement.
Image Credit: Purple Slog
Latest posts by Rob Lay (see all)
- Why action, not reaction, is the key to cyber security - December 15, 2014