Guest Editorial by Bal Heroor, CEO and Principal at Mactores
Picture the scene. It’s 11:00 P.M. and an urgent board meeting has just been called for a Fortune 500 company headquartered in Manhattan.
Board members arrive and are ushered into the board room where a palpable sense of dread begins to take hold over what could be the cause of this urgent late-night meeting.
As a helicopter begins to land on the building’s rooftop, the company’s CEO, CFO, CMO, and CIO arrive at the board room and take their seats.
The silence is broken by the CEO as he asks everyone to read a piece of paper in front of them before the discussions begin.
The paper reads, “Credit Nine share prices hit the lowest point after approximately 400 market days. Share prices fall -10.8% and will underperform the NASDAQ by -8.5%.”
As the reality of this begins to sink in, discussions erupt as everyone tries to understand the reasons behind this sudden shock to the company’s value. The CEO asks the CISO to take the chair and explain the situation to everyone.
Her words strike like a bolt out of the blue – a major data breach has struck the company.
While the above scenario might seem like a scene out of a movie, this is the reality for companies that fall victim to a data security breach. The results can have a dire effect on not just a company’s value, but also its brand image and reputation.
How do data breaches like this happen and what can organizations do to better protect themselves?
The costs of a data breach
According to IBM’s 2022 Cost of a Data Breach Report, the average cost of a data breach worldwide was $4.35 million.
In the U.S., it was more than double that: $9.44 million, the highest of any country in the world.
(In September of 2017, credit-reporting company Equifax disclosed that they had experienced a major data breach, affecting up to 143 million people, joining Yahoo, Myspace, Target, LinkedIn, and more on the list of largest data breaches in history. Courtesy of CNN Business and YouTube. Posted on Sep 7, 2017.)
Moreover, it takes an average of 207 days for an organization to identify a breach and a further 70 days to contain it.
Put another way, this means that if a breach occurred on January 1, it would take until October 4 of that year before it was identified and fully contained.
In all that time, the targeted company can suffer significant consequences, which include:
Revenue loss
- Data breaches can result in significant revenue losses due to work disruptions, system downtime, and lost customers. According to IBM’s report, the average revenue loss from a data breach was $1.42 million in 2022.
Loss of trust
- Customers share a lot of sensitive information with the businesses they work with. When a data breach compromises that information, it can take years for an organization to recover from the loss of trust.
Loss of intellectual property
- While hackers usually target banking information, they can also go after an organization’s trade secrets, blueprints, and other sensitive intellectual property.
- It is believed that a significant proportion of data breaches are committed by state-backed hackers, often with the goal of extortion or other corporate espionage.
Hidden costs
- The surface-level costs of a data breach are just the beginning. There are also hidden costs in the form of legal fees, public relations expenditures to mitigate reputational damage, and regulatory fines.
- In one example, Equifax agreed to pay $575 million in a settlement with the Federal Trade Commission for a data breach involving the personal and financial information of nearly 150 million people.
(Millions of Americans were eligible for free credit monitoring or $125 due to a settlement with Equifax. Courtesy of ABC Action News and YouTube. Posted on Jul 26, 2019.)
Online vandalism
- Some hackers are not out to steal anything. Instead, they simply wish to sow chaos by changing or adding content, often vulgar, to a major organization’s website. This might seem relatively harmless, but it can still do a lot of damage to an organization’s reputation.
Data security and big data
The average data breach can take only a few minutes to execute, less time than it takes to change your password.
Therefore, it’s in every organization’s best interests to place a high priority on securing its data.
Unfortunately, maintaining that security becomes a challenge when data security meets big data. Today, companies typically deploy static role-based access control (RBAC) policies that restrict user access to certain data based on the role of the user.
For example, a hospital may have an RBAC policy in which doctors can view and update every section of an electronic health record (EHR), whereas nurses can only modify particular sections but not others.
It’s a secure system, but it requires a lot of back-office work in which access permissions need to be assigned and approved.
We have found that growing organizations that are increasingly relying on Machine Learning, AI, and advanced big data analytics have particularly intense challenges in maintaining data security.
These advanced tools provide these companies with more accurate decision-making in a competitive marketplace.
These companies need data to get the most out of these analytic tools, but access to that data is hindered by an organization’s RBAC policy.
On the other hand, any loosening of the RBAC policy can create security vulnerabilities that may result in a data breach.
The obvious question this conundrum raises is this: How can an organization be more agile with its data yet still be extremely secure?
Achieving data agility while still maintaining security
Answering the above question may require a radical rethink on the use of RBAC policies, which are far from being the only game in town. For instance, attribute-based access control (ABAC) and policy-based access control (PBAC) provide two viable alternatives to data control that are well worth considering.
Unlike more static forms of data control, ABAC relies on a combination of attributes to match users with the data they need to do a job. These attributes can be based on user demographics such as name, job title, and security clearance, or environmental specifics such as the time of day, location of access, and threat levels.
By basing access control on easily adjustable attributes rather than roles, ABAC provides a far more flexible approach to data control while still keeping a tight lid on security.
Similarly, PBAC provides a more flexible approach to access control based on certain policies and procedures.
ABAC and PBAC are essentially interchangeable in that both base access control on changeable attributes, though PBAC is a little less IT-intensive in the resources and time it requires to set up. By embracing an ABAC or PBAC model, organizations can maintain their data security while also allowing for more data agility to power their use of big data analytics.
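To make the contrast concrete, here is the hospital EHR scenario as a static role table beside an attribute-based decision function. This is an added example, not code from the author or Mactores; the role names, EHR sections, attribute names, clearance scale and working hours are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import time

# Static RBAC table for the hospital example: role -> EHR section -> actions.
# Section names are hypothetical.
RBAC = {
    "doctor": {"diagnosis": {"read", "update"}, "vitals": {"read", "update"}},
    "nurse":  {"diagnosis": {"read"},           "vitals": {"read", "update"}},
}

def rbac_allows(role: str, section: str, action: str) -> bool:
    """Role is the only input; a role missing from the table gets nothing."""
    return action in RBAC.get(role, {}).get(section, set())

@dataclass(frozen=True)
class Request:
    job_title: str       # user attribute
    clearance: int       # user attribute (constructed 1-3 scale)
    section: str         # resource attribute
    action: str          # "read" or "update"
    deidentified: bool   # resource attribute: patient identifiers stripped
    at: time             # environment: time of day
    location: str        # environment: "on_site" or "remote"
    threat_level: str    # environment: "low" or "elevated"

def clinical_rule(r: Request) -> bool:
    # Clinical staff keep the rights from the role table, but only on site.
    return r.location == "on_site" and rbac_allows(r.job_title, r.section, r.action)

def analytics_rule(r: Request) -> bool:
    # Analysts may read de-identified records during working hours.
    return (r.job_title == "data_scientist" and r.action == "read"
            and r.deidentified and r.clearance >= 2
            and time(8, 0) <= r.at <= time(18, 0))

PERMIT_RULES = [("clinical", clinical_rule), ("analytics", analytics_rule)]

def abac_decide(r: Request) -> tuple:
    """Deny by default; an elevated threat level blocks every write."""
    if r.threat_level == "elevated" and r.action != "read":
        return False, "deny: threat level"
    for name, rule in PERMIT_RULES:
        if rule(r):
            return True, f"permit: {name}"
    return False, "deny: no rule matched"

def demo() -> list:
    # Constructed sample requests, not real access logs.
    samples = [
        Request("data_scientist", 2, "vitals", "read", True, time(10, 30), "remote", "low"),
        Request("data_scientist", 2, "vitals", "read", False, time(10, 30), "remote", "low"),
        Request("nurse", 1, "vitals", "update", False, time(23, 0), "on_site", "low"),
        Request("nurse", 1, "vitals", "update", False, time(23, 0), "on_site", "elevated"),
    ]
    return [abac_decide(s) for s in samples]

if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The analyst never appears in the role table, so RBAC alone refuses the request until someone assigns and approves a new role, while the attribute rule grants read access to de-identified data only and logs which rule permitted it.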
Final thoughts
Every organization wishes to stay ahead of the game and remain competitive. However, in their efforts to achieve that, many organizations put their customers’, employees’, and partners’ data at risk.
Fortunately, there are modern data security policies that can allow a company to remain competitive while still safeguarding its sensitive data.
No data security policy is ever a perfect one, but with an ABAC or PBAC policy, companies can continue to grow and digitize without worrying unduly about any data vulnerabilities that their growth might be creating.
About the Author
Bal Heroor, CEO and Principal at Mactores, has led over 150 business transformations driven by analytics and cutting-edge technology. His team at Mactores is researching and building AI, AR/VR, and Quantum computing solutions for businesses to gain a competitive advantage.