Posted by: David Scott
business continuity, data breach, data recovery, IT security, Juniper, Juniper Networks, Juniper Networks Survey, Security Plan, security policy
From Europe comes incredible news, as reported by Juniper Networks. Amazingly, 84% of businesses have experienced at least one data breach in the past year.
Eighty-four percent. Huh. Well, at least 16% are doing something right.
But wait – I think we can safely assume that a good many of those are surviving on dumb luck. And, as stated here in The Weave, something bad can be transpiring at this very moment, with the organization as yet being unawares that a harming event or circumstance’s yield is just around the corner.
According to Juniper’s survey of 1406 IT folks, 31% indicated an increase in the frequency of breaches, and 76% report that attacks have become potentially more damaging or harder to prevent, due in part to difficulty in prevention.
Of particular concern are mobile devices such as smart phones and laptops. These privately owned elements are difficult to manage, being that they’re outside the usual realm of the enterprise’s policies and control. In fact, 34% of those responding attributed breaches to laptops.
It can’t be emphasized enough: Organizations need to make immediate identification of all outside access to the enterprise environment. Once surveyed, a policy and plan set must be drafted; a respective definition for, 1) Allowed access, acceptable use, required security features and protections – 2) paired with a plan to roll out training, ongoing user awareness, and those security features that must be harbored and adhered to at all times by anyone accessing from outside.
Anything short of this is folly. The organization is begging for a catastrophic breach of systems, data and reputation. Things are only going to get more challenging:
- Threats are going to harbor more power to harm
- Threats are going to increase in number
- Threats are going to stream into the organization’s face at an accelerating rate.
Get ahead of the curve now. Survey all security policies and measures. Do some research. Determine your level of affordability in terms of time, attention, and resources, vis-à-vis acceptable risk.
What is “acceptable risk”? Only your organization is going to know that for your organization. Engage business stakeholders and IT governance, hammer out the accepted plan, and then execute.
Get this on the table, and get it going.
NP: You’ll Never Know, Red Garland