A recent survey conducted by Lieberman Software Corporation at Microsoft Ignite 2015 (2015 IT Professional Survey) found that IT professionals are concerned by the way cyber threats are treated by their employers.
Among the report’s findings is the statistic that “87% of respondents think that huge financial hacks are happening more often than reported” – an unsurprising figure when considered alongside another recent survey, which found that 20% of professionals believed their company to have concealed a data breach incident.
With the resurgence of the Dyre banking malware, the continued preponderance of banking and PoS malware attacks, and the news that one-third of banks don’t mandate minimum cybersecurity levels for third-party vendors, it’s clear that the risks faced by the financial sector are not going away.
IBM and Ponemon Institute’s 2015 Cost of Data Breach Study: United States estimated the total average cost of a data breach to be $6.5 million for US organizations, and reputational damage is widely cited as the single biggest threat to breached organizations. It’s obvious that more needs to be done to encourage US corporations to be more open about such incidents and to implement better security practices to counter cyber threats.
As I blogged last week, even though there is still no single federal data breach notification law, seven federal bills have been proposed so far this year and three states (Connecticut, Oregon and Washington) have recently enhanced their breach notification laws. In addition to these, there is a host of industry-specific laws and regulations requiring organizations to secure the data they process.
International information security best practice
The best – and easiest – way for US organizations to fulfill their data security obligations and avoid the costs associated with suffering a data breach is to implement and maintain an information security management system (ISMS) as laid out in the international information security management standard ISO 27001.
ISO 27001 presents a comprehensive and logical approach to developing, implementing, and managing an ISMS, and provides associated guidance for conducting risk assessments and applying the necessary risk treatments.
The additional external validation demonstrated by accredited registration to ISO 27001 will improve an organization’s cybersecurity posture while providing a higher level of confidence in customers and stakeholders, which is essential for securing certain global and government contracts.
IT Governance has created four ISO 27001 implementation solutions to give US organizations online access to world-class expertise. Each fixed-price solution is a combination of products and services that will enable you to implement ISO 27001 at a speed and budget appropriate to your individual needs.