Who's to Blame if a Security Breach Affects Your Organization?
If a security breach affects your organization, your main focus may be to solve the problem as quickly as you can, not to point the finger of blame. But your customers want to know why it happened and who was responsible, even if the breach occurred because of their own lax security measures (e.g., sharing passwords or opening suspicious emails). In fact, a recent survey found that 70 percent of consumers expect businesses to take responsibility in the event of a data breach. But who within your organization should take the heat?
If an organization doesn't budget enough for security solutions, the fault will likely be placed on whoever makes the financial decisions, starting with the CEO. In fact, 29 percent of IT decision-makers who took part in a recent VMware survey thought that the CEO should be held responsible in the event of a large-scale data breach.
If a data breach occurs even after your company adequately budgets for cybersecurity solutions, 21 percent of IT security professionals surveyed would still hold your CISO accountable.
According to a 2014 report, 95 percent of cybersecurity incidents are due to human error. That's why personnel who manage IT security on a regular basis are easy targets for blame.
While accountability may start with the CEO and board of directors, everyone in your organization should take responsibility for cybersecurity. Even if you have the most modern cybersecurity technology, its return on investment will be nonexistent without full employee participation.
Acronyms All Businesses Need to Know
In the world of cybersecurity, it's easy to get overwhelmed by all of the acronyms industry experts throw around in everyday conversation, especially when the acronyms represent unfamiliar concepts. Nonetheless, it's important to become familiar with these terms and understand their general purpose.
IDPS: Intrusion Detection & Prevention System - An IDPS generally involves both an intrusion detection system (IDS) and an intrusion prevention system (IPS). The IDS component contains a database of known attack signatures, which it uses to detect and monitor incoming threats. The IPS component is able to respond to events detected by the IDS.
EDR: Endpoint Detection & Response - An EDR solution is intended to detect and respond to anomalies in any of your endpoints. Endpoints are any devices connected to your network, including servers, workstations and modems.
SIEM: Security Information & Event Management - SIEM and EDR work together to aggregate data from multiple sources, but unlike EDR - which only monitors endpoint abnormalities - SIEM solutions are able to monitor events from a broad range of sources. Those include your IDPS, firewalls, anti-virus software, end-user devices, servers, network traffic, and operating system logs.