You Will Get Breached, Make Sure It Doesn’t Matter
Thoughts from Today’s General Counsel Forum on Data Privacy and Cybersecurity
Last week I had the honor of participating in a panel discussion during a data privacy and cybersecurity forum hosted by Today’s General Counsel. The discussion titled, “Detection/ Prevention vs. Survivability: Building Breach Resilient Systems,” which was attended by attorneys and consultants that provide liability and security advice to major banks and other organizations, took on a lively debate around the major information security challenges facing organizations today.
These types of venues are great because you get to connect firsthand with companies that are dealing with today’s challenging security issues. It pains me to say this, but based on the discussion the biggest security hurdle organizations are having trouble getting over is the — it will happen to them, but not me mentality when it comes to breaches. I find it unsettling that so many organizations want to increase their security posture, yet they continue to look at security through such naïve eyes. The reality is we live and work in an online world and that means that it isn’t a matter of if you will be breached, but when.
Once we got people to come to grips with the reality that they will at some point likely be a victim of a breach, we moved on to discussing how you can still safely operate in such a volatile online environment. No one wants to admit they will become a victim, but once you do you can focus on what needs to be done to protect your assets from today’s sophisticated web-based attacks.
So how does one go about doing that, exactly?
When over 90% of undetected attacks come through the web, the simple answer is to isolate the browser from the desktop and network.
To do this successfully and not impact the way a company conducts business is through virtualization. By using a virtual browser you essentially create a barrier between web-based attacks and the actual computer and network that the user is on. Secure browsers are nothing new, but they are not immune to compromise. With a virtual browser however, it doesn’t matter if it gets compromised. Once the user is done with their online session you close it down and any infections or malicious attacks get erased along with it. Now don’t get me wrong, nothing will ever be a silver bullet, but the more you can do to make it harder on the attacker to do his/her job, the more likely they will simply move on to an easier target.
The other key issue is businesses worry about how security procedures will affect their way of conducting business. If it is too much of an impediment then people won’t adopt it and if your users are bypassing your security measures, it’s like you never implemented them in the first place. The beauty of a virtual browser is that it allows companies to integrate security at the speed of business. Users simply open the virtual browser and go about their normal routine, unaware and unaffected by the security features being utilized to ensure a safe online experience.
By the end of the forum, I am glad to say, I felt more confident that given the right education as to what is out there to help protect organizations from today’s plethora of online attacks, mindsets will change. There are so many innovative security solutions available; security doesn’t need to be a cumbersome and intrusive undertaking. For more information on the benefits of secure virtual browsers, feel free to check out what’s new with Passages at: www.GetPassages.com.
