ipl-logo

Unending Security Breach Paper

1961 Words8 Pages

The Unending Security Breach?
Introduction:
Of course, we know that companies don’t seem to protect themselves from cyber threats as they should; which begs the question as to why and are they getting better? Whether the companies learn their lesson or not, can provide an example for other companies. The reasons that companies provide a low budget for cyber security, how cyber security is now, what would be a way to implement cyber security to make it affordable, and what companies need to work on to improve their cyber protection; these will be discussed in this paper to inform those reading how things are going and where they could go.
Background Paragraph: A study in 2011,”by the Ponemon Institute found ‘that 73 percent of companies surveyed …show more content…

They don’t have a real grip of what direction to go with cyber security, so they either determine what they may need, then forget about it, or they hire a private security company to provide them with cyber protection. With an executive order being announce to give companies an option framework for their cyber security:
In February [2014], the White House issued a voluntary cyber security framework to serve as a how-to guide for organizations that run the country's critical infrastructure including those in the energy, oil and gas, telecommunications, drinking water, food production, public health, transportation and financial services sectors... The framework is voluntary, and it is too early to tell whether organizations will find it useful and adopt it. Many large or sophisticated organizations will likely find that the maturity of their existing practices outpaces it. However, small to medium size organizations will likely find the framework a suitable starting point for developing best practices. …show more content…

"Until this point, unless you were in a highly regulated industry like nuclear power or healthcare, every dime you spent on cyber-security was one you really had to justify to your shareholders, because you had no regulatory obligation to do it,” Cate says. “Cyber-security is expensive. You really had to make the case that you are under attack, and nobody wants to make that case publicly. Now they have a legal peg to hang their hat on.” The executive order was created to give companies some point of reference when dealing with cyber security. Now that companies don’t have to worry that they will lose shareholders because they increased their cyber security budget. As of the writing of this paper, there has not been any updates on how the executive order has helped companies. “’ If companies take a solely compliance view, they fail almost all the time, because they do just enough to get by and then they are shocked that they were hacked,’ Bissell says. ‘I still see a lot of companies that do just enough to get by that are breached with very basic stuff.’”

Open Document