Data Breaches from hacking incidents in 2015 are more than previous 3 years combined. Expert provides tips to secure information.
Columbus, Ohio (PRWEB) September 17, 2015
This year will be one of the worst years for data breaches since they have been recorded. There have been close to 132 million records breached from hacking incidents alone in 2015 (privacyrights.org). That is close to double the 67 million breaches that were seen in 2014, and more than fourteen times the 2012 data breach numbers. So how do companies keep their shareholders', customers', and stakeholders' information protected in an IT world that seems impossible to protect? A former Chief Information Security Officer and IT Security Expert, Matt Santill, provides some useful tips for organizations struggling to stay out of the headlines in this highly complicated world of IT security. Mr. Santill is available for interviews and additional tips for media outlets throughout the United States.
Actionable Security Tips:
"Organizations with a solid vulnerability management program in place will reduce the risk of a data breach by more than 50%," says Santill. Tools such as Nessus, Rapid7, and Qualys are recommended for regular scans of servers and computer equipment in order to detect the known security holes. Santill goes on to say that the most effective tool in the arsenal will be a competent IT security team that stays up to date on the latest threats. "A knowledgeable security team that researches, tracks, and remediates security holes will be the ultimate success factor for any company." Santill recommends that organizations without a team look into a Managed Security Services Provider (MSSP) that assists with the vulnerability management process.
Security Awareness Training
"One of the leading factors in data breaches is a lack of employee education," says Santill. Santill recommends continuous security awareness training through the use of email bulletins, posters, and newsletters. In addition to marketing security, Santill says that all organizations must have mandatory security awareness training courses annually for all of their personnel. "This has the biggest impact on the security posture of an organization hands down. It is often a requirement for the common privacy regulations. It is also the least expensive way to reduce the risk of a data breach." The researcher recommends online security training courses for organizations too large to conduct the training in person. "SANS Securing the Human is a great option; InfraGard is another good and inexpensive option for general training," Santill says. Santill goes on to say that the most effective security training programs are tailored toward the organization's operational functions, applications, and industry.
The final tip addresses what Santill believes most organizations are lacking today: visibility into their environment. "I'm always surprised to see how many organizations are not actively monitoring for security events on their most critical systems. You have a good chance of detecting a hack attempt before it becomes a serious data breach. If you don't have a team that actively monitors for security threats, you probably aren't going to prevent a hacker from gaining access to your systems." Santill says that even though monitoring your systems sounds like common sense, a lot of companies just aren't doing it. Santill recommends that all organizations invest in a Security Information and Event Management System (SIEM). "A SIEM will collect logs from all systems, correlate the logs, and then create security events IT can take action on." Santill admits that a SIEM, along with knowledgeable security analysts, can come with a high price tag, but insists it is a necessity in order to secure an organization against a data breach. "We now have providers such as Managed Security Services, LLC and others that handle all aspects of monitoring without the overhead of 24x7 personnel, or the cost associated with the security tools." Santill mentions that Managed Security Services companies have played a big part in allowing organizations to meet the monitoring requirements without increasing costs.
About Managed Security Services LLC
Managed Security Services offers complete out-of-the-box security programs for customers in the United States. Their services include Log Monitoring, Data Breach Detection, Virtual CISO, Vulnerability Management, Breach Incident Response, Compliance Programs, and Risk Assessments. They are one of the only MSSP providers that assign dedicated security personnel to each customer.
Matt Santill : 786-266-7388