One Article Review

Source AlienVault Blog
Identifier 935492
Publication date 2018-12-05 14:00:00 (seen: 2018-12-05 15:02:38)
Title Protecting the Wrong Things
Text Businesses rely on technology more today than they ever have in the past. In fact, many business models are built entirely around a technology which, if disrupted, could spell ruin.

A traditional business with a brick and mortar presence is probably better-placed to withstand an extensive online disruption or outage. For example, if a bank’s online system or mobile app is unavailable, it has other options to fall back on – even if it does involve customers physically having to walk into branches to deposit cheques. But those examples are rare, and even the most traditional of businesses are embracing the digital revolution at a rapid pace, vaporizing physical assets in the process. One only has to look at their smartphone and see how many physical items it has replaced, from maps, to flashlights, to cameras.

So, it’s important that the digital infrastructure that underpins the modern world is resilient. The ‘A’ in the security CIA of ‘Confidentiality, Integrity and Availability’ helped professionals focus on business continuity planning, and disaster recovery. But have we been focusing on the wrong things?

Earthquake Resilient Buildings

Recently a building surveyor was explaining to me the concept of earthquake-resilient buildings. He highlighted an important point: in most countries, building code objectives are mapped to collapse resilience, not to damage. The analogy is akin to a car which has designated crumple zones to absorb the brunt of the force during an accident. In other words, resilience in buildings and vehicles is all about saving lives - not the building or the vehicle.

Which makes me wonder whether businesses have focused on building resilience into the wrong parts. Is the industry focused more on saving the building or the vehicle at the expense of lives?

Broadly speaking, while lives are not literally at risk (although with IoT making its way into every facet of life including medical devices, the risk does increase), there is a lot of personal information that companies are in possession of which slips through the radar of most planning sessions. The response is often summed up as, “let’s offer free credit monitoring for a year for our affected customers.” In the building analogy, it’s the equivalent of, “Sorry your building collapsed and everyone died during the earthquake. Here’s a year’s coupon to stay in a local hotel.”

Crown Jewels

Companies are pretty good at protecting their own crown jewels. But they’re often limited in what they do for their customers. One of the reasons is that the emphasis is put on the wrong type of information.

PCI DSS is a well-meaning standard, but forced companies to focus on protecting payment card data. The problem with this approach is that card data is pretty much a commodity. It naturally ages, and new cards need to be issued as a matter of course. A breach simply accelerates the process. The point being that payment cards have natural resilience built into them.

That’s not to say that when cards are breached there isn’t a cost associated. It’s to avoid bearing the burden of these costs that card issuers rallied to have PCI DSS implemented, with the threats of big penalties to any company that was breached. This in turn forced companies to disproportionately invest into protecting card numbers over actual customer information. Protecting the buildings at the expense of its inhabitants.

Regulations like GDPR are a step in the right direction with their focus on protecting the pr
Sent Yes
Tags Threat
Stories
Notes ★★


The article does not appear to have been picked up after its publication.


The article does not appear to be a pickup of an earlier one.