A welcome change to breach notification rules

The news that all UK businesses could soon be forced to disclose data security breaches is a positive step forward in the fight against cyber attacks (EC plans to make all firms report security breaches).

Recent high-profile data thefts such as the Sony PlayStation breach are evidence that the cyber war is intensifying. Mandated public disclosure of data compromise places added pressure on businesses to step up their initiatives to improve security defences and potentially avoid damage to their brands and reputations. In the end, consumer data will be better protected.

The tools and controls now exist to help businesses stop, detect and correct breaches quickly and effectively. The 2011 Verizon Data Breach Investigations Report found that 96 per cent of breaches were avoidable through simple controls, and that 86 per cent of companies even had evidence of the breach in their log files. The problem is that these controls are not being used continuously, and so breaches still occur.

The best possible defence against today’s cyber threat is to unify and automate security controls to ensure continuous data protection. In a complex, dynamic IT environment, only those organisations that create the right security policies and processes, and then enforce policy with the right automated controls to increase visibility of suspicious activity, can reduce attacks and better safeguard the business.

Rob Warmack, Tripwire