Continuous monitoring is enough for compliance, but ISN’T enough for securing data
Every 4,000 miles or so I bring my car in to have the oil changed, the brakes checked and the tires rotated. Why? Because I know if I leave it to chance, at some point down the road something much more devastating will affect the car. Many of us follow this simple preventive best practice.
Then why is it that major corporations and modest enterprises alike wait until their security is breached to address growing concerns of data theft, private information leakage or worse? Many of these companies spend hundreds of thousands of dollars on various security initiatives (especially those bound by a regulatory compliance agency), but still succumb to breaches that cost on average 3.8 million dollars (Ponemon Institute figure) per occurrence to address.
Two instances dropped into my inbox this week. A medical center in Long Beach, California, and a Medicaid office in New York State both experienced similar types of breaches that, in my opinion, were completely preventable.
It boils down to continuous monitoring…and that practice doesn’t go far enough.