Cyber Security is the Kidneys of an Organization

Is security the tail that is wagging the dog or could it be the kidneys?

Kidneys are organs that extract waste from the blood and balance the body's fluids. Without kidney function, death typically occurs within a short period. The same fatal result awaits an organization that does not have a properly functioning cyber security program. Cyber security should empower you and your staff by extracting the waste that comes with being online in a constantly connected state, discarding that waste while passing on the information that is needed. In the same way that kidneys balance your body fluids, security should balance the need for information availability, integrity, and confidentiality.

A person can survive without kidneys for a short period of time, and the same is true of an organization without good cyber security. In today's world, an organization without cyber security will fail. Someone with failing kidneys can be put on dialysis to bypass the function of normal kidneys, and the same can be said of cyber security: it can be outsourced or added at the end, but this is not a long-term solution. Cyber security should become part of everyone's function, because everyone is online and connected to systems. One major goal of the security team should be empowering staff through training and providing resources so they understand how to filter out the waste and use the needed information.

Cyber security professionals should remember that their job is to ensure the availability and integrity of the data, while at the same time helping others to keep protected information confidential.

Security is not effective if we try to add it on after the fact; that is why security should become part of the entire life cycle from the cradle to the grave of any project or program.

“The cost to fix a bug found during implementation was around 6 times costlier than one identified during design. Furthermore, according to IBM, bugs found during the testing phase could be 15 times more costly than during design… Additionally, the complexity of deploying/implementing changes in a live production environment would further increase the overall cost associated with late stage maintenance.” [1]

Cyber Security professionals need to help users understand the current cyber security risk landscape and give them resources to help them protect themselves and those they serve.

“To ensure that bugs are fixed at an earlier stage within the SDLC, take advantage of the following security testing practices:

  1. Activities such as architecture risk analysis help to identify issues during the design phase of software development.

  2. Use the OWASP best practices Quick Reference as a guide for securely writing initial code: https://www.owasp.org/images/0/08/OWASP_SCP_Quick_Reference_Guide_v2.pdf

  3. Once the code is written for the approved architecture, conduct a source code review to identify issues within the code.

  4. Prior to the software’s release, conduct a penetration test to identify issues and to make sure that issues previously identified are resolved.” [1]

June 2017

SANS Whitepaper: Testing Web Apps with Dynamic Scanning in Development and Operations
https://www.sans.org/reading-room/whitepapers/application/testing-web-apps-dynamic-scanning-development-operations-37820

Current Cyber Security Trends:

Ransomware attacks worldwide increased by 36 percent in 2017 — with more than 100 new malware families introduced by hackers. [4].

The average amount demanded in a ransomware attack is $1,077, which is an increase of about 266 percent. [4]

Email is increasingly being used by hackers, and an estimated one in every 131 emails contains malware. [4]

The research revealed that the victims of identity fraud in the U.S. alone increased to 15.4 million in 2016, an increase of 2 million people from the previous year [5].

At least 43 percent of cyber attacks against businesses are targeted at small companies, and this number is increasing. [6]

More than 4,000 ransomware attacks occur every day, according to data from the FBI [10]. That's a 300 percent increase in ransomware attacks.

It takes most businesses about 197 days to detect a breach on their network. Many businesses have been breached and still have no idea, and as hackers get more sophisticated it will only take businesses even longer to realize that they have been compromised [13].

Sources

1. https://www.synopsys.com/blogs/software-security/cost-to-fix-bugs-during-each-sdlc-phase/

2. https://www.microsoft.com/en-us/cloud-platform/advanced-threat-analytics

3. https://www.juniperresearch.com/press/press-releases/cybercrime-cost-businesses-over-2trillion

4. https://www.symantec.com/security-center/threat-report

5. https://www.javelinstrategy.com/press-release/identity-fraud-hits-record-high-154-million-us-victims-2016-16-percent-according-new

6. https://smallbiztrends.com/2017/01/cyber-security-statistics-small-business.html

7. https://www.csoonline.com/article/3200024/security/cybersecurity-labor-crunch-to-hit-35-million-unfilled-jobs-by-2021.html

8. http://www.businessinsider.com/warren-buffett-cybersecurity-berkshire-hathaway-meeting-2017-5

9. https://www.pandasecurity.com/mediacenter/press-releases/all-recorded-malware-appeared-in-2015/

10. https://www.fbi.gov/file-repository/ransomware-prevention-and-response-for-cisos.pdf/view

11. http://www.businessinsider.com/expert-phishing-emails-2016-8?IR=T

12. https://www.venafi.com/assets/pdf/wp/Venafi_2016CIO_SurveyReport.pdf
