Why Security Incidents are different — and more dangerous — than IT Incidents

by Ivo Wiens, Seccuris Inc.



Imagine that, for some odd reason, you decide to build a house in an area that gets slammed by
tornados on a regular basis. The smart thing to do is design and build your home to withstand
the onslaught of a tornado’s force. That way, you, your family, and your valuable belongings are
protected. You’ll also devise an emergency response plan, like an underground shelter, just in
case the tornado manages to find a weakness in the structure around you.

Now imagine your house is your organization’s network system, and the land that surrounds it is
the internet. That land is fraught with tornados in the guise of malware, viruses, hackers,
criminals, and other formidable threats trying to penetrate your structure. Like a house in
tornado alley, it makes sense to fortify your network so it shields your valuable data and
information from unknown dangers, right? You’d also have an emergency response plan just in
case something pierces your defenses. Right?


Yet, there are still organizations that don’t do either.

According to the Online Trust Alliance (OTA), data breaches spiked to record levels in 2013.
The OTA states that over 740 million online records were exposed. Most of those breaches
were avoidable, but many organizations, including major retailers, didn't have the right security
controls in place. Offense is always the best defense. Developing and implementing an
integrated security program is the most effective way to avoid security incidents. But even the
most comprehensive security isn’t 100% effective. Incidents may still occur. And if they do, you must
have a security response team and plan ready to react at a moment’s notice.

Your team must be able to recognize a security incident, evaluate the associated risks, and
determine the most effective approach before, during, and after an attack. One of the key
factors in recognizing a security incident is being able to differentiate it from other IT
incidents. While the two may share common problems, their potential threat levels and
consequences are vastly different. Knowing the difference can protect your organization and
customers from a loss of critical information, stolen revenue, and even legal actions.

Basically, an IT incident is usually a technical issue that, in many cases, can be handled within a
short period. Security incidents, on the other hand, carry a higher likelihood of long-lasting
collateral damage. Your e-commerce site crashing is an example of an IT incident, while a
security incident would be a hacker breaching your network and stealing credit card numbers.
Your e-commerce site going down can disrupt your business, but it will rarely have long-term
consequences. But losing credit card data can result in potentially disastrous financial
ramifications and legal actions that affect not only your company and reputation, but also your
customers.

68 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
