The kind of resilience Twitter shows after a security flaw in the company's TweetDeck application was exploited on Wednesday will indicate a lot about that company's commitment to cyber-security.
That's according to Tim McCreight, the former executive director of the corporate-information security office (CISO) for the Alberta government.
McCreight was speaking Wednesday at a security briefing in Winnipeg organized by his new employer, Winnipeg-based Seccuris Inc.
Although he did not specifically refer to the Twitter scenario, he did make reference to the lengthy manner in which Target Corp. fumbled with the aftermath of its massive data breach.
McCreight said, "It's not just about protecting data but having a plan in place to deal with getting over it. It's about resilience."
He said one reason that sort of approach is advisable is the increasing likelihood an organization will experience some sort of data-security breach.
And it's not just the large companies that need to be planning for such events.
The growth in the volume of digital data that is of critical importance to the livelihood of even small- and medium-sized companies means those smaller companies are having to address the same challenging issues that were once only the concern of larger companies.
Steve Croucher, an information security account executive with Seccuris, said, "Hackers are not necessarily going after the big U.S. defence companies like Lockheed Martin or Raytheon, they are going after their smaller partner companies or suppliers who have access to Lockheed Martin's network."
He pointed out it was an HVAC supplier to Target that was the source of the serious breach that left millions of Target customers' credit card information vulnerable.
He said it is unwise to discount the resourcefulness of organized crime. There have been occasions where criminal enterprises have planted USB thumb drives in the parking lots of targeted organizations.
"People see them and want to know what they found and plug it into their secured network through their work desktop with their morning coffee," he said.
"And guess what, that can introduce viruses and malware into the network."
Croucher and McCreight are part of a growing number of new hires at Seccuris, which is becoming known as one of the leaders in the cyber-security field.
As the former head of Alberta's CISO, McCreight said he had a lot of professional opportunities but chose Seccuris because the company is already seen as a leader in the field.
Among other things, he said professionals in charge of IT security for organizations have to realize they can't do it all themselves. He said when he was with the Alberta government, he sought trusted advisers, such as Seccuris, to provide an expert set of eyes on the organization's network for certain kinds of oversight.
Seccuris opened its U.S. headquarters in Dallas just 18 months ago and the company was already included in the latest list of the 20 most promising enterprise security consulting companies by CIO Review magazine, an influential U.S. trade publication.
McCreight said managing data-security risk is not so much an exercise in locking down an organization's network as it is arriving at a better understanding of how a business works and identifying the organization's most critical data.
McCreight said that when he was with the province of Alberta, during the time personal mobile devices such as smartphones and tablets were being introduced into the workplace, he realized that layered protection of the most critical data was more important than protecting the devices.
"We have lost the endpoint," he said.
While having the right technology in place is important, he said raising awareness of security issues throughout the organization is necessary for an effective security environment.