Rising Security Attacks: A Wake-Up Call For CISOs

by CXOtoday News Desk    Feb 16, 2015


In order to maintain a competitive edge, organizations must transform and adapt to changing business trends and needs. In that process, they also need to be prepared for evolving security threats.

Even as companies strategize to tackle data breaches, cyber criminals continue to unleash newer types of attacks targeting different verticals. This time, Anthem, the US insurance giant, was the victim, with attackers stealing data of over 80 mn customers, which included medical identity numbers and social security numbers.

The attack on Anthem is yet another lesson for security officers in organizations to ensure higher security and create a plan that is not just about securing networks and systems. According to reports, insurers and health care providers in the US currently face about 20,000 to 30,000 hacking attempts every week.

Encryption, the key to better security

What is of utmost significance is understanding what needs that extra cover of protection. Offering expert advice, GajShield, a leading network security provider, emphasizes the need for organizations to focus on protecting key IT infrastructure rather than applying a blanket security policy across the enterprise.

“Every unit of your organization needs to be treated differently. Core information needs to be secured with extra efforts,” it says, advising two-factor authentication so that stolen credentials do not lead to access to mission-critical systems. GajShield also recommends role-based access control so that a single account does not have access to critical system

Security is certainly the primary consideration over other business initiatives. Informatica SVP and GM Amit Walia feels that investments in data-centric security technologies, such as data security intelligence and data security controls (i.e. masking and encryption), will advance one’s ability to minimize the impact when a breach occurs.

Walia has a two-step solution: “First, we need to educate developers on the importance of designing security controls into applications and connected devices from the start. Second, data management and security administrator professionals need to collaborate on implementing processes that identify, classify, and track where sensitive and private data proliferates.”

E&Y’s recommendations

According to Ernst and Young’s Global Information Security survey of 2014, over 56% of organizations are unlikely to detect sophisticated cyber attacks. Even in the Anthem case, the attack happened on December 10, 2014, but it was detected days later on January 27, 2015.

Though security spends are on the rise, what is lacking is the right foundation for data security. Organizations must have an element of anticipation when it comes to cyber attacks and know exactly what needs to be protected.

E&Y recommends a three-step formula: Activate, Adapt and Anticipate. After laying the foundation of cybersecurity, which includes a set of information security measures, companies must adapt to changing business dynamics, and in the final stage they must have an incident response mechanism.