The c-words that curse data breaches

Summary: Behind every security failing are the same recurring themes that companies large and small need to address, says Alan Calder

...know their supply chain and other business partners are resilient against cyberattack. Many companies will insist ISO27001 is implemented and independently verified before entering into deals with partners.

New regulations in India, for example, make accredited certification to ISO27001 the default means for organisations to demonstrate compliance with data protection laws. Other countries are sure to follow India's lead. Failure to meet the required standards could cost you major contracts.

Organisations strengthening their information and communications infrastructure should also be implementing UK standards for business continuity and resilience — BS25999, ISO27031 and ISO24762.

In the current economic climate, many companies are inevitably focusing on maximising revenues in the short term, controlling overheads and managing cashflow. Unless you focus on computer and data security too, though, you are placing your entire business at risk.

IT security improvement programme

No organisation should delay in implementing an IT security improvement programme. If you are not sure whether your business is as secure as it could be, there is every chance it actually falls far short of the requirements.

Let us end where we began, with another c-word — cost. It takes a long time before a company can truly comprehend the cost of a security breach. Immediate loss of revenue through service shutdown, alongside compensation packages, will only represent part of the impact.

The ultimate cost of complacency, in long-term brand and reputational damage, could be enormous. Every company and organisation must be aware of the dangers of computer crime. The threats are real — and if you are not properly prepared, you could be tomorrow's victim.

Alan Calder is chief executive of information security training and consultancy IT Governance. He is a leading author on information security and IT governance issues and an authority on ISO27001, formerly BS7799, the international security standard, about which he has co-written with Steve Watkins the compliance guide, IT Governance: A Manager's Guide to Data Security and ISO27001/ISO27002.
