Skip to main content

Information Security: How can companies actively protect themselves?

August 06, 2012

I have long held the opinion that, in order to protect our information assets, sitting back and waiting for something to happen is a poor strategy to follow. After all, “The best defense is a good offense.” You can also feel free to include any other offense inspiring cliché that might fit there. How does a company go about actively protecting itself without breaking laws and putting themselves further into harm’s way?

It was my youthfulness that made me think that if an asset was attacked, then it was acceptable to retaliate in some way. That is to say, if you have the resources and knowledge to do it, regardless of who was attacking the asset, then go out there and retaliate, “eye for an eye” type stuff. This thought changed over time, as I came to realize that a hacker with malicious content has an ample amount of time to retaliate as a result, some refer to that as “spanking”. The inability to go on that type of offensive is really just a pipe dream since most corporations do not have the resources to even consider that, mostly because its illegal, nor would I really recommend it.

My thoughts never changed on the subject, however. I wondered, “Is there something we, as Information Security professionals could do?” Merely resigning yourself to assuming your assets are already compromised or that it’s only a matter of time is maddening.

Recently, I read an article by William Jackson that went into RSA Executive Chairman Art Coviello idea that Information Security should be jumping on the big data bandwagon. That is an interesting thought, and given RSA’s issues I can imagine why they would want to take some sort of proactive stance. The RSA issue I speak of was as a result of a phishing attack that resulted in a zero day vulnerability being installed on a RSA employee machine. This then allowed the attacker to steal user passwords and access sensitive data, which resulted in sensitive files getting spirited away.

Big data is a term that describes mass amounts of data that exceeds the capacity most conventional databases. If a company can manage to analyze mass quantities of data, they can pull out hugely valuable trends and insights. This is an interesting prospect for Information Security; many companies certainly gather a lot of data with the use of SIEMs and other security devices. Think of all the data that could be generated off of routers and switches; information flow, could be, and is endless. 

How, though, do companies go about turning that data into, as Coviello says, “actionable intelligence”? For starters, it’s no surprised that corporations are tight lipped about data in general, and in turn won’t simply share security data. Let’s assume though, that by some miracle, companies figured out how to share data. The use of cloud computing, aka shared computing environment could certainly assist if the white hat InfoSec community talked more concerning useable data. The black hat community has already been sharing information for years and has been a huge reason as to why they have been winning the war.

Can we share data successfully across the private sector that could help protect ourselves? Do we have the ability to play well with each other and stop attacks that Google and RSA were victims to?

I remain optimistic that the InfoSec community will be able to pull together and function in such a way that benefits the whole. The private sector needs to, however, come up with something that works together and not have the government force a framework on it. There are a few organizations that provide a forum for the private sector to share information, these include; Infragard, OWASP and PCI Security Council. Although not on the level of information sharing we need to see, it’s definitely a step in the right direction.

Related Blogs

January 05, 2013

A Winning Information Security Awareness Program | Optiv

If you work with credit cards, personal identity information or other confidential information, chances are you are required by law to provide your em...

See Details

December 10, 2014

Building an Information Security Program from Scratch | Optiv

The unfortunate reality of today’s business world is that information security breaches are an everyday occurrence. A quote that is thrown around in t...

See Details

March 19, 2015

Balancing Information Security and Usability | Optiv

One of the most difficult things security leaders do every day is balancing the scales between keeping their organization’s critical assets safe and e...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.


Privacy Policy

Related Insights

October 06, 2017

Managed Security Services - Service Guide

Learn about our flexible and scalable services to improve your security capabilities.

See Details

July 21, 2015

Data Security Solutions

Learn how we can help secure your date throughout its lifecycle.

See Details

July 21, 2015

Network Security Solutions

Learn how we help protect your environment while maintaining connectivity.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.

Subscribe

Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.