Security is a major concern for big corporations, as they deal with very sensitive information such as customers’ social security numbers, bank credentials and addresses. They need robust security policies to safeguard this sensitive information, along with their own classified data, from the real-world threats that exist both internally and externally.

Unfortunately, most companies look at security as a burden rather than a duty; they regard it as a waste of time, energy and resources. They fail to look at it as a business enabler or even as a business facilitator. They totally disregard the risk and vulnerability assessment reports from their security officers and deny any funds to mitigate the risks those officers identify. There is overwhelming evidence that many companies with an e-commerce site, or even just their own company website, are attacked every other day, but management likes to believe that they aren’t one of them or won’t be the ones targeted.

It is this false feeling of security that leads to the bigger incidents we see in the papers. This is apart from the fact that the majority of companies try to hide any data breaches that occurred at their data centers. They do this to avoid flak from their customers and, ultimately, losing their business.

This is a very unfair practice on their part: even though they failed to realize the importance of security and take the necessary steps, they should at least let customers know that their data has been compromised so that they can take appropriate steps to control further damage.

It was commendable on Google’s part to come out in the open about their systems being hacked by Chinese hackers. This didn’t have any negative impact on Google’s business; instead, their decision was celebrated for being transparent. This also encouraged other companies to come forward with their own incidents of similar successful data breaches.

Only now is the mindset of management changing, and this, I must add, is again forced, as the number and nature of attacks keep getting more sophisticated and the losses are getting unbearable. Regulatory authorities have now started to pressure companies to comply with regulations such as HIPAA and the US Sarbanes-Oxley Act, which is keeping management on its toes.

Hopefully we will live in a more secure and predictable environment in the future.
