A reported rise in global information security spending this year should be cause for cheer for anyone working in the risk management discipline. However, as cyber attacks come to be seen as increasingly inevitable, such good news brings only brief relief, let alone any lasting assurance that consumer data will be well protected from here on.
An analysis by research firm Gartner documents that worldwide spending on information security will grow to $75.4 billion in 2015, and that the information security market will advance at a CAGR of 7.4 percent through 2019. This year's increase represents growth of 4.7 percent over the previous year. But then comes something you are probably tired of hearing about: a massive data breach.
Hackers successfully attacked systems at the Ireland-based information services firm Experian, jeopardizing two years' worth of consumer records belonging to T-Mobile US. In his Letter to Consumers, T-Mobile CEO John Legere said, “the records of approximately 15 million people” were compromised, and the “data set was for applicants and customers of T-Mobile.” The breach “was discovered within two days, secured immediately.” The stolen data included names, birth dates, addresses, Social Security numbers, passport numbers, and driving license details, a combination now referred to as ‘FULLZ’ by hackers. However, the breach “did not involve any payment card numbers or bank account information.”
The Experian breach comes on the back of a Grant Thornton International report, which details that cyber attack episodes are “taking a serious toll” on businesses across the world, and that a ‘successful’ cyber attack costs firms 1.2 percent of revenues. The study estimates the cost of global cyber attacks over the past year at $315 billion, with businesses in the Asia Pacific, the EU and North America bearing $81 billion, $62 billion and $61 billion of that, respectively.
More worryingly, only just over half of the businesses surveyed for the report said they had a robust cyber security policy in place. “With high-profile security breaches and hacks becoming more prevalent, nearly half of firms are putting themselves in the firing line with no comprehensive strategy to prevent digital crime.”
As data breach episodes, from the Sony hack to the Office of Personnel Management breach, continue to grow in sophistication and scale, it is vital for organizations to implement robust cyber security strategies driven by policy changes as well as technology. Organizations must accept that securing the organization’s information is not solely the responsibility of the IT department. Institutions must adopt the policy changes needed to bring their information security management system (ISMS) up to an accepted international standard.
ISO/IEC 27001:2013 certification is the most widely accepted way to deploy a robust information security management system that strengthens an organization's ability to protect its information. Whatever industry sector your company belongs to, implementing ISO 27001 goes a long way toward making your company compliant with the regulations laid down for that industry. Its recommended best practices, when implemented diligently, help detect security threats and mitigate them in a timely manner.
As one of its key requirements, the standard focuses on continual improvement of the security controls within an organization. Among other things, this covers enhanced operational security, stronger access control, effective communications security, and the development and maintenance of information security best practices. As the most relevant international information security standard, ISO 27001 supports effective implementation and management of security systems, thereby giving an organization’s leadership confidence in its existing security measures.
Furthermore, that confidence is not based on false positives, since it is gained through increased cyber security awareness within the organization itself. Raising cyber security awareness through all ranks of the organization makes those concerned more responsive to the threats the IT infrastructure could be exposed to through even minor, unintended negligence.