Security breaches continue to climb in frequency and cost, encompassing all industries and raising important personal data privacy concerns. The growing awareness of identity theft and consumers’ concerns about the security of their personal data following a breach contributes to the high cost and lost business that follows. For business continuity, lost business has potentially the most severe financial consequences and has steadily increased over the past three years. As the financial impact of a data breach rises, what some leaders once viewed as a pure technology issue is today seen as a larger business risk.
How Can Organizations Reduce the Risk and Costs of Data Breaches?
One answer takes a point of view that security professionals may not have considered in the past: aligning security and business continuity for incident response.
Too often, business continuity and disaster recovery stand outside the security function within an organization, with minimal touch points between the teams to ensure the most effective security management for the company. In today’s threat landscape, that needs to change. Organizations that involve their business continuity management personnel in the data breach incident response process experience lower costs and faster recovery times.
Weather the Digital Storm of Attacks.
Chief Information Security Officers (CISOs) should take advantage of the expertise of and synergy between teams that address both security threats and continuity threats. Business continuity has always aimed to mitigate the impact of business disruptions, including the loss of IT. Security can harness this capability to bolster response planning.
Threats to IT continuity and resilience, whether naturally occurring (as in a flood or hurricane) or intentionally created (as in a distributed denial-of-service attack), disrupt the organization’s ability to function. Secure, continuous availability is a common objective for both security and continuity professionals regardless of the business disruption’s root cause. Professionals on both sides can no longer afford to remain casual in their efforts to involve business continuity and disaster recovery planning in the security response.
CISOs need to aggressively leverage these teams in their arsenal of weapons to weather the digital storm of attacks. The Business Continuity Institute also noted that business continuity management (BCM) plays an important role in reducing the total cost of a data breach. According to the “2015 Cost of Data Breach Study: Global Analysis,” conducted by the Ponemon Institute, having BCM involved in the remediation of the breach reduced the cost by an average of $7.10 per compromised record.
The study also showed that both time to identify and time to contain the data breach incident are substantially lower for organizations that involved BCM. Companies using BCM decreased the mean time to identify (MTTI) a data breach by 27 percent. Moreover, by leveraging BCM, an organization can decrease the mean time to contain (MTTC) the data breach by 41 percent.
In addition to cost and recovery time advantages, the analysis found organizations involving their BCM personnel in the data breach incident response process were 6.8 percent less likely to experience a material data breach involving 10,000 or more compromised records over a one-year period.
Business Continuity and the Cost of a Data Breach.
Aligning business continuity with security includes involvement in planning, budgeting, testing and event response. By doing this, companies can ensure collaboration through proactive teaming across organizations and establish cross-representation.
More importantly, by integrating BCM, security can take advantage of business continuity intelligence on what is most critical, harness strategies already in place for loss of IT and utilize existing BCM communication and crisis management processes for coordination of response for cyber events.
VSS helps organizations to reduce their risk exposure across all areas of the enterprise including its people, data, applications, network and servers. By having skills that cover the entire organization, VSS can integrate the best security products and practices to provide clients with an enterprise-wide solution.
The post Business Continuity: The Unsung Hero of Security Intelligence first appears on Security Intelligence
Author: Paige Poore