Security is like playing the game of Chess where you have to think multiple moves ahead of your adversary and plan your upcoming moves accordingly. You almost wish that you had a read into your adversary's mind. In other words, you have to be proactive in the game of Chess — even more so in the Game of Security. Reacting to your adversary's moves after the fact would be too late because of the disastrous effects of each successful attack. So, how proactive can enterprises afford to be in the Game of Security? Let us first start by taking a look at some of the proactive steps at play.
We can start by taking a look at the state of security within the enterprise. “We would better get security right,” says HP Security Strategist Mary Ann Mezzapelle in her keynote at the recently held Open Group Conference at Newport Beach, CA. Asserting that proactive risk management is the most effective approach, Mezzapelle challenges enterprises to proactively question the presence of shadow IT, data ownership, usage of security tools and standards while taking a comprehensive approach to security end-to-end within the enterprise.
The keynotes at the recently concluded RSA 2013 Conference suggest some compelling techniques that warrant serious consideration:
Also, how about the inception of OODA techniques into the security hacker’s mind?
Can enterprises afford to take such proactive steps? Or more importantly, can they afford not to?
The HP Ponemon 2012 Cost of Cyber Crime Study revealed that cyber-attacks have more than doubled and the financial impact has increased by nearly 40 percent in a three-year period. In other words, security is a board-level concern today, as indicated in this ComputerworldUK article by Antony Savvas.
Enterprises must balance the cost of executing such proactive measures against the cost of cyber-crime. The HP Ponemon study estimates the average annualized cost of cyber-crime to be $8.9 million per year, with a range of $1.4 million to $46 million for 56 organizations.
How about you? What are some of the other approaches enterprises can take to be more proactive? Have you assessed the cost of cyber-crime for your enterprise? Please let me know.