Page 77 - index
P. 77
grow even higher. Between medical health records, to identity and credit information, the risk of
negative impact to customers should data fall into the wrong hands is real. Cyber crime has
become a large business and cyber criminals have become better and better at monetizing the
data they exfiltrated. Javelin Strategy & Research has found that the likelihood that a victim of a
security breach will also become the victim of fraud has grown from a one in nine chance in
2010 to a one in three chance as of 2013. So although meeting HIPAA, PCI or other compliance
standards and SLAs are critical to keeping your organization out of risk for fines, just
maintaining compliance will not protect you from all malicious threats.
Exceeding compliance standards and building confidence, both internally and externally, in your
security posture requires consistent, proactive monitoring of your end-to-end IT infrastructure.
With the availability of mass quantities of machine data comes responsibility for organizations to
actually utilize it. But it won’t be your IT or security organization alone that can handle it. CISOs
must remain vigilant, identifying the consistent patterns of threats and adjusting their team and
skillsets available to ensure that they are prepared and able to address the issues your
company faces. The increasing use of machine-learning to analyze and distill petabytes of data
into actionable alerts and insights will assist in the process, but no amount of data can replace a
security team’s holistic understanding of the enterprise infrastructure. If the rising tide of
cybercrime continues, we might see organizations become more transparent and sharing
information about consistent threats and challenges with each other. Until then, CISOs must
realize that with fundamental changes to the network come fundamental changes to the way
they must address compliance and enterprise-wide security. In a world increasingly driven by
data, the enterprises that successfully integrate and evolve analytics, processes and strategy
will be in the best position to maintain a strong security posture.
About The Author
Joan Pepin is VP of Security and CISO at Sumo Logic, the next generation machine data
intelligence company. Joan has more than 15 years experience in information security in a
variety of industries, including healthcare, manufacturing, defense, ISPs and MSSPs. Her
experience spans technical, operational and management level of security, allowing her to bring
highly technical research expertise to her role in security management, marketing and strategy.
A recognized expert in security policy and lifecycle management, Joan is the inventor of
SecureWorks’ Anomaly Detection Engine and Event Linking technologies. Joan can be reached
online at [email protected] and at our company website http://www.sumologic.com/.
77 Cyber Warnings E-Magazine – July 2014 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
