In a talk at the ISACA EuroCACS Conference in Munich, Raef Meeuwisse, director of external relations for the London Chapter, described a situation in which he had completed a third-party audit of a company, and explained how many of the ‘mega-breaches’ occur because companies fail on the basics.
He said that every major cyber-breach was down to three major or critical security safeguards which were either not in place, or were not fit for purpose. He asked: “Why is it we can identify problems, but not get buy-in to get these fixed?
“People spend a fortune on layers of security but leave something open. Every security department says ‘we’re not particularly good’ and they are doing a great job under the circumstances. In my top ten, someone said that they were surprised security culture was not in there, and if there is a sharing culture you can enforce a good security practice; if not, it goes the other way.”