Mobile Risk: Bring Your Own Data Breach

According to ISACA’s 2012 IT Risk/Reward Barometer: North America, 72 percent of organizations in the US allow (in one way or another) bring your own device (BYOD) in the work environment. This new computing practice exposes businesses to unique risk that can threaten corporate security and reverse the productivity gains that were originally intended. Due to their portable nature and integration with public cloud applications, personal mobile devices greatly increase the risk of data theft or leakage. In fact, a study by Decisive Analytics revealed that nearly half of the enterprises that allow BYOD to connect to their network have experienced a data breach.

Security experts believe the next wave of enterprise hacking will be carried out via mobile attack vectors. As organizations improve their defenses against direct network attacks, attackers will move to the path of least resistance and exploit mobile applications to gain backdoor access to enterprise networks through BYOD. In this context, it becomes essential to manage mobile application and device risk and to control their access to trusted networks. So, what steps can an organization take to realize the productivity gains and cost savings associated with BYOD while proactively managing and mitigating the security risk that comes with this practice?

Forensic Readiness Planning

With all the developments in IT, IT infrastructure and governance, there have been corresponding increases in risk, threats and attacks. It has become imperative for organizations to respond to attacks and breaches and to ensure that their reputation and assets are safeguarded. The response to such violations is usually legal (or disciplinary when no laws are broken but the organization's internal policies are flouted or violated); to achieve this successfully, evidence must be collected and provided in a legally acceptable manner. There are also other claims that can be leveled for or against the organization (e.g., insurance claims, accusations of negligence) that would require the presentation of evidence.

Forensic readiness planning helps to ensure that digital evidence is readily available in a legally acceptable manner in the event one of the aforementioned issues occurs.

Possible Solutions to DDoS Attacks

Distributed denial of service (DDoS) is one of the most widespread types of cyberattacks and represents a great concern for governments and enterprises today. These attacks are an insidious foe to Internet service providers (ISPs), as these businesses depend on the availability of their web sites for critical business functions and productivity. My recent ISACA Journal article focuses on the types of DDoS attacks, their trend and changing frequency, the business impact, the countermeasures that organizations can take to prevent successful DDoS attacks, and how to build a strategic approach to defend against this growing cyberthreat.

Given the extraordinary and rapid changes in DDoS attack techniques, traditional DDoS mitigation solutions (e.g., bandwidth provisioning, firewall and intrusion prevention systems) are no longer sufficient to detect and protect an organization’s network or applications from sophisticated DDoS attacks.
