Cyber attacks are on the rise
Mark Raeburn, CEO, Context Information Security Ltd
Cyber attacks are commonplace in this age, and being compromised is no longer a rare event, so effective PR management and an effective remediation plan going forward are all that should be required.
Preparation, preparation, preparation
Siân John, chief strategist for EMEA, Symantec
It’s easier to respond to and recover from an attack if you’ve prepared and planned for what will happen. This includes business leaders, PR, corporate communications and legal. Often practices focus on the technical aspects but it’s often the business aspects that have the biggest impact.
Less really is more
Ross McKean, partner, Olswang
Collect and store less data. That’s the easiest way to reduce risk (and) store data smartly – embrace innovation like tokenisation of payment cards. Encrypt!
We must understand our data
Siân John, chief strategist for EMEA, Symantec
Protecting data is the biggest challenge we’re facing today. We’re all storing more and more with massive increases in data.
However, we’re not taking the time to understand what our data is, or how sensitive. Many companies say it’s too hard, but if an attacker gets in your network they’ll be motivated to find it.
Common sense rules
Ashley Hurst, partner, Olswang
In my experience, people get too bogged down in what an internal policy document or flow chart says rather than applying basic common sense. For example, a lot of time can be wasted debating whether a “crisis” or a “data breach” has occurred which triggers the response plan.
Diverse storage is not necessarily the answer
Dave Boxall, head of information security, Guardian News & Media
Diverse storage would on the face of it seem sensible but I would argue the common attack point isn’t the data store but the logic that retrieves the data which would allow diversely stored data to be retrieved as a single dataset.
Minimise risk through training
Ross McKean, partner, Olswang
Most breaches are caused by human error or malice; not technology – so training and raising awareness are crucial to minimising risk.
Don’t get your PR wrong
Ashley Hurst, partner, Olswang
Some interesting comments so far on the PR elements of security breach. This I think is where most mistakes are made, either because companies jump the gun before they have the facts (eg “medical data has not been lost”), because there is confusion as to what the facts are, because they don’t say anything at all, or because what they do say, they say to the wrong audience (eg they ignore social media). The key is to be co-ordinated and have a “master of the facts”, someone who has the time to read all the documents and communicate with the lawyers, investigators, PR people etc and make sure they all work together from one central narrative.
Organisations need an effective bring your own device (BYOD) policy
Mark Raeburn, CEO, Context Information Security Ltd
Having an effective BYOD policy will be the first step. Robust access control and monitoring are also necessary. Being able to identify and classify data and ensure that there are strong controls in place to prevent cross contamination will also help mitigate part of the risk.
A BYOD policy is an acceptance of a risk; hopefully the risk has been suitably measured and controls put in place.
Think about the security risks of the internet of things (IoT) before installing
Siân John, chief strategist for EMEA, Symantec
I don’t think the IoT is a different problem to anything else. The danger with it is that like every other technological evolution we are installing it first and then thinking about how to secure it afterwards.
As Ross said about SMEs, the opportunity is there to bake good process and security in from the beginning. That’s a similar situation to IoT. However, security is never a driver behind the development of a market or business so it usually only comes into play once the market has matured, making security more difficult.
Click here for the full transcript of this live chat, which was sponsored by Olswang.