Express Computer

Home  »  Interviews  »  “An organization’s size plays a vital role in determining the type of crime that it’s likely to face”

“An organization’s size plays a vital role in determining the type of crime that it’s likely to face”

Interviews
By Express Computer
0 28

Bryan Sartin, Director, Investigative Response, Verizon, co-author of the DBIR series, talked to Jasmine Desai about the impact of security attacks on Indian enterprises and the security measures that could be considered in order to prevent such breaches

When a security breach occurs how much should an organization reveal?
Revelation of information has to occur on different levels Firstly, you give out information due to your responsibility to customers, employees etc. An organization has to check the legal definition of disclosure as jurisdiction varies from country to country and, accordingly, the ways in which information should be disclosed legally also varies.

How do organizations deal with breaches occurring due to BYOD.
Regarding mobile devices and BYOD, CIOs across the world are facing the need to trade off security against convenience. CIO and CISOs are in a fix as they cannot say no to these devices and there is no good way to support them either. Generally, Identity Access Management (IAM) can be a good solution. For tablets and smart phones, SSL-based VPNs give greater control. They help in keeping track of who gets access to what and when. Cloud computing and virtualization bring their own set of problems when it comes to mobile devices.

Does the use of virtualization lead to an additional threat vector such as malicious code that can be transmitted from VM to hypervisor or VM to VM?
There are not many examples of threats in a virtualized environment. What companies are doing is to create separate virtual machines with a security and management structure around each. Creating such islands in a virtualized infrastructure is an effective security strategy for virtualized environments.

What can organizations do to reduce complexities in a security setup?
One needs to ask which complexities are the ones that pose major problems. The greatest deficiency today in any organization exists in the area of instantaneous protection. Breaches do not play out in minutes or seconds. They go on for months on end. 96% of the time, these breaches are pointed out by third parties and the answer is right there in the log files, which haven’t been seen by the in-house staff.

We keep on bringing this up in DBIR every year. Perhaps, organizations are fighting modern era electronic crime with outdated tools. In nine out of ten cases, the answer is right there in the logs. The fundamental problem is that people have too many logs in the first place.

How does a breach in a small organization play out as opposed to one in a large company?
Hactivism and financially motivated crimes are increasingly targeted at smaller organizations. We have sufficient data on the table to define hacktivism or cyber espionage. Although, it is not as common as people think, it does exist. The size of an organization plays an important role in determining the type of crime that it is likely to face. All hacktivism victims have a thousand employees or more while most financially motivated crimes are targeted towards organizations with 10-100 employees.

In what way can a company avoid security breaches?
It is vital to have a legal framework according to which, in case of a data breach, the third party provider should undergo an investigation. E.g. if a retailer has a POS operated by a third party vendor, it could be that the network through which the vendor connects to the provider is infected and this leads to a breach at the retailer’s end. While investigating the issue, the POS vendor must also undergo an investigation. For this, a legal framework is necessary along with the policies and processes that will help create a dividing line that clearly states the responsibility of the retailer from a security angle and the supplying vendor.

Get real time updates directly on you device, subscribe now.

Express Computer

Express Computer is one of India's most respected IT media brands and has been in publication for 24 years running. We cover enterprise technology in all its flavours, including processors, storage, networking, wireless, business applications, cloud computing, analytics, green initiatives and anything that can help companies make the most of their ICT investments. Additionally, we also report on the fast emerging realm of eGovernance in India.

You might also like More from author
Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 
Powered by Convert Plus

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image