Planned downtime and uptime can occur at the same time, without going offline, but this
               type of continuity requires capital investment in technology.



               PREPARATION EQUALS PREVENTION

               If  the  steps  of  documentation,  patching,  and  redundancy  seem  obvious  and  simple,
               that's  because  they  are  and  should  be  the  fabric  of  IT.  Nevertheless,  I'm  continually
               dumbfounded  by  the  number  of  organizations  that  bypass  documentation,  ignore
               patching, and don't upgrade — especially when there is software available to automate
               patching and reporting, and minimize service interruptions.


               Given that breaches became almost commonplace in 2017, I expect the need for robust
               security  tools  to  rise  exponentially  in  2018.  Consider  leveraging  a  comprehensive
               monitoring toolset that can outline a baseline of performance across systems, networks,
               and especially databases, which are particularly vulnerable to attacks.

               Oddly enough, the rise in breaches is compounding the indifference around information
               security.  Instead  of  raising  the  volume  on  better  security  practices,  the  regularity  of
               incidents is turning them into noise. For everyday people, there's a level of acceptance
                                           ®
               now,  and  the  Band-Aid   of  replacing  credit  cards,  for  example,  is  more  of  an
               inconvenience than a threat.

               Now, we're also seeing similar resignation bleeding into enterprises, as potential losses
               are accounted for in the annualized loss expectancy. The cost of a breach, however, far
               outweighs that standard number.

               Plus,  we  are  now  entering  a  realm  where  those  subjected  to  breaches  will  be
               considered  criminals  as  well:  the  recently  introduced  Data  Security  and  Breach
               Notification  Act  could  require  companies  to  report  data  breaches  within  30  days.
               Anyone knowingly concealing an incident could be fined or go to prison.

               The good news is, breaches at a large scale are preventable, but it takes collaboration.
               IT must ensure the foundation is strong and current, but that can only be achieved with
               executive support. The bottom line is: if you value your customers and your business,
               then you will value security.










                   10    Cyber Defense eMagazine – February 2018 Edition
                         Copyright © 2018, Cyber Defense Magazine,  All rights reserved worldwide.