Every public and private company maintains a set of financial documents to keep track of their assets and liabilities in order to determine their net worth. These reports include financial and non-financial assets as well as all accumulated liabilities in order to determine if the company is profitable or running at a loss. Most companies do not add their cyber security strategy to either of these categories, but effective Chief Information Security Officers are always doing a similar accounting for their cyber security assets and liabilities without realizing they are really just determining their cyber security net worth.
Unfortunately, your greatest security liability is also your greatest asset, namely your people. We’ve also covered “The staggering costs of cyber threats” previously. But do you think that is the extent of your liabilities when cyber breaches occur?
Absolute cost of breaches may extend beyond the cost of the loss. In some cases, your customers may also have cause to create an additional liability for your organization. An article titled “If you’re hacked, what’s your cybersecurity liability?” posted by AICPA reports,
“Meanwhile, federal circuit courts are split as to what constitutes sufficient standing to sue in cyber breach cases. Some courts hold that companies may be liable for damages if client or employee data is stolen, even if the theft causes no harm; instead, it’s sufficient to merely allege that the information was compromised. This broad interpretation will only further increase the risk of cyber liability claims.”
In most cases you would look at your entire security strategy collectively in your asset column. However, it would be wiser to break it down into three primary categories:
- People: As discussed above, your people can be one of your greatest liabilities. However, with an effective security awareness training strategy, you will address the behavioral issues employees sometimes fall into that may open up security vulnerabilities and ensure they are genuine assets instead.
- Product:We have discussed how security solutions have evolved over time so we don’t need to revisit that today. Suffice it to say that the best security product assets will deliver an evasion-proof, cost effective and timely solution that prevents malicious behaviors instead of requiring you to remediate the damage after the fact.
- Process:Don’t forget to optimize business continuity as well as addressing archiving, risk and compliance to protect your organization from spear-phishing, malware, data leaks, data loss and downtime.
Addressing each of these three security asset categories from a holistic approach will ensure a positive cyber security net worth.
Balanced Security Net Worth
Generating a positive cyber security net worth is a function of ensuring safe content in the fastest and most cost-effective manner. Solebit’s SoleGATE (now part of Mimecast) uses a static analysis which is faster, more accurate, not OS version dependent and covers 100% of your code, with complete visibility. With SoleGATE, every line of code is evaluated, making Sandbox evasion techniques ineffective. On average, Solebit analysis time is between milliseconds up to a few seconds. Network Sandboxes typically take 5-15 minutes to perform the same analysis.
Using deep inspection and analysis methods, SoleGATE is able to interpret and detect code in real time and immediately block threats from penetrating your organization. DvC™ has no assumptions on threat heuristics and behavior and assumes that there is no legitimate reason for executable code to be present in a data file, it relies solely on identifying code existence on non-executables files. Bottom line is that you will finally have safe content!
Check out this whitepaper on an evasion-proof approach against modern cyber-attacks that can keep your content safe. It will outline how to strengthen your cyber defenses dramatically by preventing attacks before they enter and harm your organization, your customers and your brand. Remediation is costly, prevention is not.