“Band-Aids Before Blood”
John T. Schelewitz, Director of Sales, Virtual Auditor, LLC
As a salesperson accountable for positioning compliance and security solutions to the healthcare and financial verticals, I often find myself in a unique position: having to digest responses such as “We have quite a few other projects on the table,” “We have not budgeted for that,” “We performed an audit/assessment a few years ago,” “We are content with our current status,” and the like.
Before I get ahead of myself, there is some success in simply getting a response. Then again, that may be of value only to me and not to those interested in my quota attainment, so I digress. My concern is this: if there is no plan to keep band-aids on hand, how do you plan to address the inevitable blood? According to a recent analysis by a leading IT security firm, of the small portion of IT budgets set aside for security, corporations often spend as little as 10 percent on incident response, 30 percent on detection, and the rest on prevention. That is, if there is any spending at all, and only if concern has led to defined needs, requirements, and initiatives.
More often than not, action, or should I say reaction, is brought about by the sight of blood.
“Instead of merely blocking threats at the perimeter of a network, a multilayer cyber response that protects every critical component inside the network as well as external connection points is a more effective, proactive approach” (CardVault, 2014, para. 3). This statement reflects the sentiment of a leading cyber security attorney. With external and internal threats both on the rise and inevitable, can your organization afford to be in a reactive position? The thought of “This won’t happen to my network” is about as realistic as a unicorn monitoring USB usage.
My advice is this: put a fluid security plan in place that addresses devices, systems, applications, and users. The plan must cover the enterprise from the firewall to the desktop. Processes, controls, and accountability are critical in this planning, and the plan will include both human and appliance elements. Ultimately, you must understand that your network is exposed 24x7x365. At any point during that time, there may be blood. Do you have band-aids?
CardVault. (2014). Expect a cyber-breach: It will happen. Are you Ready? Retrieved from http://cardvault.com/expect-a-cyber-breach-it-will-happen-are-you-ready/
Tips from the RISC and VA team
Don’t let the fear of a data breach keep you awake at night: schedule a vulnerability assessment and learn ways to protect your systems.
- Run a data breach response drill to practice on a scenario so there is less panic when responding to the real thing.
- Spend a few minutes learning how to improve privacy protections and security safeguards.
- Visit VirtualAuditor.com and www.RISCsecurity.com to learn a great deal more about the tools we offer to enable healthcare organizations, financial institutions, universities, and businesses of any size to effectively monitor, enforce, and audit your confidential information.