Blackbird’s Security Philosophy: Features of a High-Quality Security Program
2. Recognizes that Security Events May Occur and Plans for These Events
How common are successful security breaches?
According to the 2007 CSI Computer Crime and Security Survey, 46% of the 494 survey respondents reported that they experienced security breaches within the past year. Although the survey, which has been tracking data for 12 years, had shown a drop in average estimated losses due to cyber-crime over the past 5 years, 2007 showed a significant upswing. The respondents reported an average annual loss of $350,400, up from $168,000 in 2006. Financial fraud was identified as the source of the greatest financial losses, and insider abuse of network access or email (such as trafficking in pornography or pirated software) was the most prevalent security problem.
The message is clear: To safeguard your organization’s vital resources, you must assume that a security event will occur and you must plan accordingly.
How will you minimize disruptions to business continuity and impacts on your customers? How will you prevent loss or release of critical data stores? How will you handle incident recovery? Are you prepared to quickly launch a forensics investigation, before evidence of the security event is destroyed?
Having detailed, workable plans for responding to these kinds of events will minimize the losses your company incurs. Planning for the worst isn’t cynicism… it’s a good business practice.