Townsend Security recently asked data security expert Kevin Beaver, CISSP, to contribute his extensive knowledge and expertise about the current climate of data security to our most recently published eBook, Turning a Blind Eye to Data Security (Mending the Breakdown of Communication Between CEOs and CIOs).
In his article, Kevin inspires CEOs to ask some critical questions about data security, such as:
- Who is in charge of data security at your organization?
- Is there transparency and communication across your organization when it comes to data security?
- Who will be held responsible in the event of a data breach?
- Why do we keep talking about the need for better data security but nothing seems to be getting done?
With these questions in mind, Kevin Beaver leads us into a discussion of how both IT administrators and business executives avoid critical conversations about data security, and why this poses a huge business risk to organizations.
“When it comes to information security, many people within a business – from executives to end users – often assume that security is a technical issue that falls under the umbrella of duties performed by the IT department. These IT administrators manage network firewalls, clean up virus outbreaks, and manage the IT infrastructure. These tasks are often so far removed from the actual goings-on of the business, that few people in the company—including the CEO—truly understand the ever-evolving complexities of IT infrastructure and security.
With little understanding of these systems, networks with sensitive data are left unsecured and at risk to hackers, network failures, and employee mistakes. Today, an average data breach costs a company $5.5 million. At this price, information security is not an IT problem. It’s so much more.
The Ponemon Institute surveyed 1,894 people in 12 countries in its 2012 State of Global IT Security study and found the main reasons why the appropriate steps are not being taken to improve information security are 1) insufficient resources, 2) it’s not a priority issue and 3) lack of clear leadership.
However, in most situations, good information security is achieved with easily accessible and simple solutions. In fact, in a 2012 study on data breaches, Verizon found that 96% of security attacks were not highly difficult, and were easily preventable. If security attacks are preventable, why are so many breaches occurring every year...”
Download the eBook to read more!
Kevin Beaver is an independent information security consultant, expert witness, author, and professional speaker with over 24 years of experience in IT, the last 18 of which he’s dedicated to information security. Before starting Principle Logic in 2001, he served in various information technology and security roles for several healthcare, e-commerce, and financial firms, educational institutions, and consulting organizations. Kevin Beaver has written 32 whitepapers and over 600 articles, and has authored or co-authored 10 books on information security. Visit Kevin’s blog to learn more about information security, and his website to learn more about his business, Principle Logic.