This week's top news stories: stolen credit card data at Home Depot, hacking of Apple’s iCloud that revealed, well, revealing photos of the account holders. And it’s only Wednesday.
The latest issue of Cutter IT Journal, “Data Hacking: No Day at the Breach” addresses data security, which, according to Guest Editor Ken Orr, is a problem "No matter how large or small our organizations are, we cannot just wash our hands of [it] — there is too much at stake.”
Orr continues, “There are very few more pressing issues in management today than cyber security. Notice that I didn't say IT management; I said management. When the hacking of a major US retailer (Target) leads to the loss of billions of dollars in stock value and sales and the removal of not only the CSO, but the CIO and ultimately the CEO as well, stockholders, investors, and customers take notice.”
Thought leaders contributing to the debate and discussion of this important issue include:
- Rick Brenner, who deals with an important set of psychological issues associated with computer security. Brenner's insight and organizational experience lead him to propose several useful tests, drills, and debriefings that can help organizations identify exposures and loose ends in their security activities. This is a critical area, for, as they say, "Many times it's not the things you get wrong that do you in, it is the things you don't get at all."
- Anjali Kaushik describes many of the major issues and approaches involved in establishing and enforcing a workable BYOD security program. This is a key area, because it is through the discussion of security in terms of the use of advanced smart technology that the protocols of the future will be built.
- Chris Kauffman lays out basic strategies for finding and dealing with troublesome insiders. These include a mix of policy controls, monitoring technologies (including some promising new data analytics platforms), and incident response planning.
- David Wyld describes the Data Shell Game, which involves systematically encrypting and -- most importantly -- dividing key data and then distributing it among multiple data centers, so that it is near-impossible for any attacker trying to access protected data to know how to find and reassemble that data.
- Donovan addresses the data breach problem from the standpoint of the enterprise and its stakeholders, arguing that eliminating risk is not the goal of a mature organization. Rather, the goal is to minimize the enterprise's risk exposure by recognizing both the internal and external effects of risks.
Though of these approaches are important, Ken Orr states, “Even the most secure vault is of little value if we don't remember to put our valuables in it, turn the lock, and remember the combination. The same principle is true of data breaches. We have to understand what is important, what the result of information falling into the wrong hands will be, and what we can do to ensure -- to the best of our collective ability and technology -- to make sure that doesn't happen.”
"Data Hacking: No Day at the Breach" is available from Cutter Consortium.