Security The Ugly Child of IT ?

February 6th, 2015 • no comments

For many security is the ugly child of IT. When people start to consider security, it’s often as an afterthought or at worst a necessary evil.

Thankfully attitudes are changing. Recently a series of high profile cases have focused company’s attention on the need to protect their (and perhaps more importantly), their customer’s data.
In particular the recent highly publicised attack on Sony’s IT infrastructure demonstrates an insidious form of attack in an increasingly connected world: those that are deliberately and exclusively aimed at damaging organisations credibility by compromising its employees or customer’s privacy.

Security and Credibility

Many organisations have long since appreciated that the damage to a company’s reputation caused by security breaches is the single biggest threat to their credibility.
The Sony case and the recent leak of US diplomatic cables have both highlighted the fact that organisational embarrassment alone is now a powerful weapon when wielded by malign hands. In both cases the data was released into the public domain through the supposed anonymity of hacker groups.

“Only a fool learns from his own mistakes. The wise man learns from the mistakes of others.”

Otto Von Bismark

The ‘Cablegate’ affair was not a sophisticated attack from an externally acting agent. The culprit was a rogue individual within the organisation who simply abused the access that he might legitimately have been said to have required for his role.

Could simple mitigating controls of reduced the impact of this security breach?

If the careful segregation of data on a need to know basis is the principle risk reduction method in an organisations armoury. Mitigating controls should be the second line of defence.

Could pre-emptive action have been taken if simple mitigating controls were in place?

The US deliberately loosened rules regarding the segregation of data after 9/11, the objective was to improve information sharing and ultimately the effectiveness of security services analysis. While these were worthy aims, it could be suggested that the corresponding compensating controls were neglected. Controls could of provided oversight to the extraordinary amounts of data that was being downloaded by this individual.
The ‘Cablegate affair’ compromised people who had provided information to the US security services and to which a duty of care was owed. The reputation of the US government has suffered as a consequence.
Your reputation hinges on protecting your customers data.

Secure companies are trusted companies

Ultimately a vigorous approach to securing your organisation data is an important part of building confidence and trust with those who you work; secure organisations are professional organisations.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.