How confident are you in protecting your assets from a confidentiality, availability, and integrity breach?
If anything, the NSA breach by Edward Snowden just shows that none of us are ready.
In simple terms, most organizations find it challenging to appropriately allocate investment and resources towards effectively mitigating confidentiality, integrity or availability breach.
What do I mean by this? Most organizations invest heavily in security technologies and mistakenly focus on achieving high levels of “availability” as a best practice because Service Level Agreements are built around this. However, they neglect to implement appropriate security strategies for protecting confidentiality and integrity. This is a recipe for disaster. “Availability” does not equate with “security”.
Take, for example, the so-called Denial-of-Service attack on the Australian Bureau of Statistics (ABS) census website in August 2016. Thousands of Australians were prevented from taking part in this census (including myself) which overloaded the website.
Attacking “availability” in this way certainly left an embarrassing dent on this government-led initiative which may in turn impact any future online government projects (such as online voting) for many years to come.
And then there’s the Red Cross Data Breach that occurred in October 2016. Personal data belonging to 550,000 blood donors were leaked from the Red Cross Blood Service. This should never have happened to an organization responsible for storing and protecting highly sensitive, personally identifiable information (PII).
We all make mistakes. We’re human. However, leaving sensitive data exposed on a public web server is just about as irresponsible as it gets when it comes to security fumbles…Click HERE to read full article.