The past two years have marked a breakthrough in incidents of targeted cyber attacks that were made public. However, currently, companies typically disclose breaches for one of two reasons: either they have to because the attackers have leaked their data, or they must comply with some sort of disclosure law. New guidelines from the Securities and Exchange Commission – while not actual regulations – will likely change all that, which is a good thing when you consider that many companies simply are unable to keep up with the evolving exploits. In the past year alone, we've seen attacks go to the next level, as large, global organizations and government agencies were attacked for commercial, political or military reasons.
“Companies need to combine proactive and reactive security controls to maximize coverage.”
– Bradley Anstis, VP of technical strategy, M86 Security
Public companies already adhere to strong corporate governance, and have to comply with regulations and address irregularities that are flagged or investigated. Breaches should be treated no differently. Companies and their IT departments will have to institute a strong, layered, verifiable security approach to protect their assets and uphold strong brand reputation. While this increase in process may strike some as increased complexity and just one more regulatory hoop to jump through, in the long run, the disclosure laws will actually help companies secure their brand reputation and let consumers make more informed investment choices.
Today's cyber attacks are designed to evade reactive security controls. To meet the challenge of protecting your brand and reducing reporting complexity, companies need to combine proactive and reactive security controls to maximize coverage. This does not mean implementing a bunch of siloed products. Not only does that slow response time when a threat occurs, it makes compliance a real headache. Instead, look for a solution that can correlate threat information to maximize attack intelligence, provide an optimal defense and simplify reporting if a security breach occurs.
While cyber criminals will continue to develop intricate and dynamic attacks, the best defense today is through the combination of best practices, sound security rules and state-of-the-art technologies.