Cybercrime: How organizations can protect themselves
August 17, 2012
How important is it for the security and business folks to be on the same page?
Certainly within a cyber security environment, it is about how you engage with the business and get the business to understand that these are not isolated information security issues. They do have large business impact. And, unfortunately, we have some very good examples that are very, very public about the kind of impact that these sorts of things can have on the business. So if we look at, say, the Global Payments issues that happened recently, there was a very clear impact on stock price within about 24 hours of the Global Payments people announcing that they’d had a breach; their stock price took a very significant dive. And the massive attack last year on the credentials of Sony PlayStation users would be another example, for instance, of how you can point to different organizations that have suffered from an attack and the impact that that has had, on either the ability of the business to function or on stock value and price.
How do budgets affect security decisions?
It is about the fact that, increasingly, pretty much every enterprise that you talk to is still operating with limited budgets, which means having to make very hard decisions as to where to spend those dollars. And those have to be business decisions. And so we’re seeing a move of security people not just being able to focus on the security or technology, but also having to articulate some of these risks in a language that the business can understand in order to position it within that business context and, therefore, make the right determinations as to whether or not budget should be made available to address some of these issues.
How can software development managers handle security issues?
From a software development standpoint, you have to look at whether you’re outsourcing some of that development or whether you’re doing it all in-house. If you’re outsourcing it, where are you outsourcing it to? What are the checks that you’ve got in place to make sure that the code that is coming back is—I don’t want to use the word safe, but at least, has it been tested? And so, therefore, if we go back to the budget issue, if you have to do extensive testing on code that has come back in from an outsourced provider, is it still cost-effective to outsource it, or would you be better advised to retain it in-house and produce it in-house? So it’s those sorts of decisions that people then get into in terms of, where do I have my code written and how do I manage that third-party process?