Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

EU companies fear reputation damage with security breach revelations

AlienVault : 30 August, 2013  (Technical Article)
A survey conducted among EU companies reveals attitudes towards IT security breach revelation with 2% willing to make such breaches public, fearing damage to brand or reputation
EU companies fear reputation damage with security breach revelations

Recent research conducted by Unified Security Management supplier AlienVault revealed that only 2% of surveyed EU companies would be willing to go public should they suffer a security breach. Thirty-eight percent opted to inform the relevant authorities and 31% said they would tell their employees. A mere 11% said they would share the information with the security community.

Organisations who suffer a security breach face a Catch 22, said Barmak Meftah, President & CEO of AlienVault. "On the one hand, publicising a breach would help other businesses avoid falling prey to attacks.  On the other, damage to your brand and reputation could be significant."

He says this is even more pertinent when considering the European Commission's proposed overhaul of its data protection laws, that will see companies face fines of up to 2% of their global annual turnover should they suffer a breach. "This would see the fallout from a breach being potentially disastrous not only for a company's good name, but also for their bottom line.”

Another troubling find from the survey was that 5%, when asked 'what is the first thing you do when a new malware hits', said they do nothing at all. Fortunately, Meftah said the vast majority of respondents (52%) said they would research the impact, 31% said they look for a patch and 1% said they wait to see the full impact.

When it came to sharing intelligence with competitors following a hack, the survey revealed that an encouraging 50% said they would share -- 35% said they would be willing to reveal it anonymously, and 15% they would be happy to be named.

"Sharing information about the source and nature of attacks allows the security community to act fast, and quickly isolate malicious or compromised hosts," said Meftah. "In addition, it helps identify attack methods, tools and patterns, all of which help fuel research on new defence technologies."

Meftah says AlienVault created its Open Threat Exchange (OTX) for exactly this reason – sharing threat intelligence. Since it was launched early last year, OTX has expanded to become a place where security professionals can connect with their peers, find free tools for security monitoring, and learn about the latest threats and defensive tactics from industry experts and security researchers.  OTX Reputation Monitor™, included in both AlienVault’s commercial USM product and open source OSSIM project, issues alerts should any member of the community be attacked.

"In this way, the whole community has the intelligence needed to cope with an attack of a similar nature."

"The growing complexity and sophistication of threats make it difficult for security professionals to have a clear view of possible vulnerabilities, threats, and attacks that are out there."

Sharing information can give the security industry a better understanding of these threats, and help them learn about and develop more secure products and services, as well as improve their defences, he added.

According to Meftah, this is clearly illustrated by the responses to another of the survey questions: 'How do you learn about security you need'. Informal communication channels such as blogs (14%), underground forums 6% and through peers at 13% were almost equal to more formal channels. "News web sites numbered only 13%, through partners / resellers 10%, and via education / training, 14%. Those who said through advertising and marketing numbered only 6%, the same number as those who learned through their superiors. Responders who cited using their own research following a problem came in at 16%."

All in all, said Meftah, attitudes are changing. "Security professionals are starting to share more and more. They are getting their information from different sources. AlienVault is aware that the only way to beat cyber criminals is to understand the security landscape as a whole and continue to facilitate this sharing among all security practitioners and the wider security community in general."

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo