As the information security market evolves and cyber criminals become increasingly sophisticated, capabilities that were once cutting edge have become outdated and new functionality is required to keep pace.
Despite the £billions invested in IT security technology in the last year countless enterprises and government agencies have fallen victim to cyber-attacks of increasing sophistication and complexity. Data theft is a complex and potentially costly issue for all organisations. In the event of a security breach, companies need to take prompt action to investigate, identify and contain the incident, assessing whether the damage can be limited.
The need to invest in staff who understand how to write, implement and review both policies and systems has never been more important for organisations that have critical information assets such as customer data, intellectual property, trade secrets, and proprietary corporate data, the risk of a data breach is now higher than ever before.
An incidence of theft on an organisations data causes significant reputational damage and opens up a raft of legal implications appertaining to both clients and staff alike some of which are outlined in The Data Protection Act 1998 (DPA). The DPA’s rules are quite complex, however one of the key principles of the DPA is that appropriate measures are taken to ensure that the information kept is held securely. A loss of data can be a serious breach of the DPA and can result in formal action by the Information Commissioner which can issue penalties of up to £500,000. On top of this, negligence, if proven can lead to legal action being taken by individual parties.
This growth in data breaches should come as no surprise. In a world where data is everywhere, it has become harder than ever for organizations to protect their confidential information. Complex, heterogeneous IT environments make data protection and threat response very difficult. Yet today's businesses depend on their security teams to ensure that collaboration and sharing by an increasingly mobile workforce remains safe and secure.
Over the past few years companies have at last started to invest more heavily in the infrastructure and resource to mitigate these threats. In the event of a data breach becoming a reality, companies need to react swiftly. It is important to prepare for this by drawing up a breach response plan which details the steps that need to be taken during the containment and recovery stages. This should include a roadmap for evaluating risks and implementing solutions which should be documented, publicised within the organisation and, most importantly, rigorously tested. It’s obviously far better to identify weaknesses in a test environment than a live breach incident.
To find about more about data security please contact Andy Hurley on 01628 857318 or
andy.hurley@bps-world.com.