Network Security: Why it is not JUST about patches anymore.




Posted by MrMcGoo, 08-05-2014, 04:15 PM
We live in the information age for better or worse. Every day more and more devices get connected to the internet, exposing more and more information about your company, your clients or yourself. Gone are the days (if they ever existed) of a benevolent internet full of wisdom and knowledge. Welcome to the age of identity theft, phishing scams and network bots. Any computer attached to any external network, even through layers of other systems, routers or networks, has the potential to be exploited. I would be so bold as to say “is exploitable”, otherwise we would not have the constant release of patches and updates. Simply put, there is just no way to be 100% secure and have the data be of any use at all. So once we accept the fact that we, as companies, are susceptible to data breach, what can we do to minimize it? We accept the risks and move on…or do we? There are companies that offer to assist in server security (ours included, we can automate Linux Kernel patches and bug fixes without rebooting) but what standard do we need to set to be both data secure and liability secure? The next wave of thought in internet security will not just be patches and fixes, it will be liability. Where companies and corporations need to concern themselves is with the burden of proof that they took every step one could consider reasonably possible to secure the data and information. The liability exposure and, most importantly, the degree to which you are held responsible will be based upon your or your company's/corporation's ability to successfully argue that all possible measures were taken, using all internal and external sources to protect and secure the data breached. If you can make a case that the event was extraordinary at the time, unforeseen by anyone in advance and not preventable with the available solutions of the day, your exposure in a court is minimal.
If a plaintiff argues that your security was less than proactive, using less proficient solutions or systems than what was readily available at the time, you will then bear a level of responsibility, the amount of which will be determined and surely not in a beneficial way for your company or corporation. The potential loss of business to a data breach is a fraction of the potential impact to the possible judgement a court could hold you liable for. So do your own liability assessment. If you had a data breach today, how defensible are your systems and security? Do you depend on internal resources and product vendors only to handle server security? Are your systems utilizing the best and fastest sources available to patch the inevitable exploits and security holes? Are you at the forefront of thought to protect your customers? Your company should be utilizing the best talent available (internal, external or both) for any and all components of the systems that handle data, from the shopping carts and communication security to the server security down to the system's operating system and kernel. It is time to think about system security on two levels now, not just your responsibility for security and data safety. You also need to consider your liability exposure and how to utilize your commitment to security as protection from the risk that handling any data can hold. Your commitment to security is like an insurance policy: it may not stop an accident from happening but it will minimize its impact on you, your company or corporation. It will protect you from the potentially devastating consequences of both the breach and the responsibility you will be held accountable for. Using the best security methods available, which creates the greatest liability shield, is the bulletproof vest of today’s litigious society. It will still hurt if you get hit with the bullet of a data breach but it will not be a fatal wound for your company or corporation.
And you will live to fight another day…

Posted by nibb, 08-06-2014, 12:53 AM
I'm not sure if this post is supposed to be advertising or a discussion topic, but either way webhostingtalk is the wrong place to advertise a product trying to sell them the liability problem. First of all, not a single company I remember in history was liable so far for security issues, not Microsoft, not Google, nobody. Sure, people sued Sony for their breach and they won, but still tell me one single company where you can read in the terms of service that they are going to be liable for security issues? Not a single one. Not even the biggest services will advertise themselves as liable in case of security breaches and certainly not hosting services. Maybe high end managed services, but there are not tons of companies here offering that either.


