Consider delaying IT security fixes
The reality today--one that many executives still haven't truly acknowledged--is that every company will at some point face a security breach.
We all face the daily risk of an attack. No matter how much you have invested in security management, there is no getting around the fact that your defenses will fail at some point. You have to accept that. The key is to put in place a program to minimize risks of course but also to respond to breaches when they occur in a way that is fair to all parties, including victimized customers, regulators and employees. We'll soon be offering an e-book that get into the process by which companies can make their security efforts much more "intelligent" at all levels.
In that vein, we'd like to mention a new report from Forrester Research, Planning For Failure, that explores some best practices for managing breaches.
The report points out that, "A poorly contained breach and botched response have the potential to cost you millions in lost business and opportunities, ruin your reputation and perhaps even drive you out of business."'
If you think that is an exaggeration, consider Diginotar, the breached digital certificate company, which filed for bankruptcy just recently. All this is worth thinking about, given the many tricky decisions that security managers must make these days. Network World notes one example: In some cases, it may be better to delay fixing a security hole to allow the wheels of justice turn. In the wake of a breach, companies must "make an investigation and prosecution decision immediately. Bringing a bad guy to justice could be problematic. You may need to keep a breached system running in order to preserve evidence. In addition, it could take a significant amount of time before a trained forensic investigation or law enforcement official can respond to your breach."
In any case, there are lots of thorny issues to ponder if you really want to be well prepared.
For more:
- here's the article
Related articles:
Breach insurance continues to gather steam
Cyber attack threats continue to grow
IT employees feeling stress of cyber wars
Comments