It seems that on a weekly basis yet another data breach occurs within the walls of global corporations. Cyber hackers consisting of nation states, activists, and criminal enterprises seem to have an easy time capturing the crown jewels. In 2015, the British insurance company Lloyd’s estimated that cyber-attacks cost businesses as much as $400 billion a year, which included direct damage plus post-attack disruption to the normal course of business operations.
Part of the reason may be how information security is viewed and handled within the organization. On average, information security, risk management, and compliance teams implement controls and rely on operational teams such as Network Operations, Infrastructure, Development and Facilities teams to keep order by protecting the organization’s assets.
Unfortunately, this is where things go south. On average, the missions of those Network Operations, Infrastructure, Development and Facilities teams are as follows:
- Networking Team – keep the networks running reliably without downtime.
- Infrastructure Team – responsible for the availability and delivery of the IT Infrastructure.
- Development Team – develop state-of-the-art software business applications.
- Facilities Team – maintain utilities and buildings within the organization.
As is evident from the above mission statements, the goal of operational teams is to keep the lights on, while the goal of Information Security is to protect the confidentiality, integrity, and availability of the organization’s data and assets. Those of us in Information Technology know very well that to keep the lights on, sacrifices must be made. And at times, those sacrifices are made at the expense of Information Security.
Cyber criminals are well aware of this and continue to exploit vulnerabilities on an ongoing basis, knowing that each IT team operates in a silo and rarely collaborates with the others. As a result, IT security risks aggregate, as they may have been identified at an administrative, technical and/or operational layer within the organization.
Also, most of the time, IT security findings are kept in spreadsheets or word processing documents, which are typically edited by multiple users without adequate change control. This at times draws the attention of auditors and regulators regarding the integrity and security of those documents.
ServiceNow, a service management software company, has created response software called Security Operations that can be tailored for organizations of all sizes to respond to security incidents and to address vulnerability management and threat management. For more information on the matter, please visit our upcoming Cyber War Stories Webinar #2: Vulnerabilities with Externally Developed Products, scheduled for November 2016.