Securing Your Most Vital Asset: Your Data

By Murali Ramalingam Country Manager – Sales Ixia Technologies Pvt Ltd.

We’re all familiar with the saying, “time is money.” Every second counts in today’s fast-moving business environment. From go-to-market strategies to cyber incident response, the smallest slip-up can cause extensive damage to an organization’s bottom line and brand reputation.

Even major enterprises can’t completely bounce back from a breach. We saw this back in 2014 and 2015 when Target and TalkTalk both fell victim to data breaches. The year following Target’s breach, only 33 percent of U.S. households shopped at Target in January, down 10 percent from the previous year. TalkTalk lost about 100,000 customers and incurred a cost of 80 million pounds after its breach.

Murali Ramalingam Country Manager – Sales Ixia Technologies Pvt Ltd.

Yet time and time again, we see breach headlines and cyber security incidents that were either not addressed in time, or not addressed at all. Many organizations do not have enough training, general incident response preparation, or vetted security tools—all critical when businesses across every industry are looking to technologies to streamline their business operations and augment employee capabilities.

Organizations need to be attuned to the necessary precautions required in today’s highly digitized organizational environments. A recent Ixia survey found that 34 percent of developers have launched products that are known to still have bugs. Additionally, 31 percent of developers said products harbored significant weaknesses that required patching after being shipped out. Organizations and consumers then purchase these products across the globe, making them huge liabilities to those who buy them. This begs the question, what do we need to do to bolster security?

Shift the Culture

Shifting the security culture so that it extends beyond a few security professionals at each organization is crucial. This requires proper training and full adoption by employees. Everyone needs to be ready, at all stages, to catch any possible vulnerabilities that could place digital assets at risk. This is critical, as recent research from SANS Institute discovered that 43 percent of worldwide companies do not have a formalized incident response plan, and a whopping 55 percent didn't even have an incident response team.

This is a mistake. It’s clear we need to assume that our products are buggy and that it’s an only a matter of time until something cracks. Until the industry does a better job at providing secure products, it’s up to us to employ constant efforts to safeguard against threats. Efforts must be meticulous and updates, patches, and configuration changes need to be carefully executed. But, the alternative is becoming the next JPMorgan Chase, which made headlines after being breached due to poor server configuration.

Test, Test, Test

It’s not wise to set it and forget it. We need to be testing at every level to ensure that things are running smoothly and no nefarious actors have infiltrated the networks. Testing exposes developers and IT to what suspicious activity looks like, helping them prepare for any possible forthcoming incidents. The key to this is repetition through proactive testing efforts and simulations.

The proper test should reflect the widest possible range of attack types, particularly, in a seemingly live scenario. The closer to reality the test, the better prepared IT and security can be. Repetition aids in keeping a pulse on the evolution of threats and the applications they target. Put simply, the test should be a comprehensive approach that reflects reality as close as possible.

Ultimately, the crux lies in doing more than the bare minimum. The data explosion is not beneficial just to the organizations that house the data but also to the hackers that manage to pilfer it for their own monetary gain. In this light, organizations need to adopt a secure mentality from the ground up, which can only be installed by continuous and rigorous training, testing and asset management.