Cybercriminals don’t take the summer off, and neither does the team at Dell SecureWorks.
Among the resources available to IT departments to stay on top of emerging threats and best practices, Dell SecureWorks’ Security and Compliance Blog offers ongoing commentary and insights on how the managed security services market is evolving. Here are five key tips from posts over the last three months.
It’s already worse than you think: “If you buy into the premise that you are already compromised, doesn’t it make sense to focus on limiting damage and disruption to business operations?” asks Andrew Milne in a report on how to develop an incident response strategy. Many organizations don’t think about what they’ll do in the event of an IT security breach until it happens, but a proactive mindset may be the most effective way of preparing for the worst.
Everyone can afford to be safe: Small and medium-sized businesses may tend to under-invest in IT security at their peril, suggests Steele Hays. If cybercrime is part of their insurance package, for example, they may be overlooking a potential area for savings. “In a number of cases, companies have been able to reduce their premiums significantly by implementing the use of managed security services and documenting that for their insurer,” he says. Still not convinced? Hays says SMBs should think about having a third party conduct a relatively inexpensive risk assessment to see where their gaps are.
People make mistakes: Experts have suspected for years that human error represents one of the biggest security threats, but quantifying the threats is another matter. In a post that walks through Ponemon Institute’s Top 10 risky practices by employees, Dell SecureWorks reveals that some fundamental best practices aren’t routinely applied. “One-third of Ponemon’s respondents claim that their organization’s sensitive data isn’t protected by encryption or other data protection technologies,” writes Andrea Burns. “So there is definitely room to make fairly simple information security improvements.” This includes restricting device access and mandating regular password changes.
There are no short-cuts to securing Web applications: In a post about Payment Card Industry Data Security Standard (PCI-DSS), Roger Wymess points out that while the emphasis to date has been to achieve compliance, there are still a lot of unanswered questions around data collection and use. It will be increasingly important for organizations to figure out a more holistic approach to mitigating all the potential risks around e-commerce. “PCI DSS compliance is where the discussion about web application security starts, but it should not be where it ends,” he writes.
Keep it real: CEOs and other members of the senior management team may tune out when the horror stories about IT security become too overblown, cautions Steele Hays in a post about making the business case around Advanced Persistent Threats (APT). “The reality of today’s threat environment is sobering enough,” Steele writes. “A summary of recent news articles on APT, the growth of cyber espionage, critical infrastructure threats and the cost of a major data breach ($84.4 million as reported by Global Payments, Inc. in its recent financial results release) should clearly communicate the risks.”