Budget airline Ryanair suffered a breach last week resulting in the loss of $5m, according to an article shared by Swiss Department of Defense CISO Ferdinand Kobelt. Aside from the typical post-mortem, this breach caught our eye because of the risk from partner environments that we recently profiled. The findings illustrate that enterprises deal with a huge number of business partners through the cloud, 1,555 on average, and that many of these partners have less-than-stellar security practices. For example, one airline (not Ryanair) had 209 machines infected with malware and 9,716 compromised identities for sale on the Darknet. Enterprises can't ignore risk from the companies they do business with.
— Ferdinand Kobelt (@FerdinandKobelt) May 2, 2015
Nikk Gilbert, formerly of NATO, highlighted this same risk in an article on identifying potential weak links in your company's security. The article advocates a defense-in-depth strategy with tools of all sizes, from Chrome plugins to monitoring tools with advanced anomaly detection. This wide range of solutions can also help stretch a security budget, since some services are offered for free.
Information Security: Identifying Your Weakest Links – InformationWeek http://t.co/swM33NGKTL
— Nikk Gilbert (@nikkgilbert) May 3, 2015
When it comes to spending prudently on security, one of the best investments you can make is in employee training, argues Dejan Kosutic, who helps companies with ISO documentation and implementation. Kosutic gives a list of specific topics a training program should cover, so CISOs have a resource for starting their own education program. The article is a refreshing change in the conversation, arguing that more spending doesn't necessarily equate to better security.
— Dejan Kosutic (@Dejan_Kosutic) May 3, 2015
Latha Maripuri, NewsCorp CISO, shared a timely article on the soft skills necessary to succeed as a CSO. Faced with a host of new challenges from attackers and their own employees’ work habits, today’s CSOs and CISOs require the dynamic personality traits of a politician, researcher, and sports coach. These lofty requirements reflect the new role that security executives play in engaging with the board of directors and potentially even the general public, in addition to leading internal security teams.
Balanced perspective on "The Rise of the Chief Security Officer" http://t.co/f9El9xCd79
— Latha Maripuri (@lathamaripuri) May 3, 2015
One common thread running through all of these articles is that many more organizations have been breached than are aware of it. While it may be nearly impossible to execute completely successful preventative security, enterprises can invest in rapid detection to mitigate damage. This capability is a key step in the process of managing risk.
If 97% of all businesses have been breached, assume that includes YOU! Prepare #cybersecurity
— Phil Agcaoili (@Hacksec) May 4, 2015