Rohyt Belani offered the Baltimore Business Journal strategies that businesses can use to mitigate the most prevalent cause of enterprise data breaches.
During my years at Mandiant, I responded to a lot of breaches for a wide variety of organizations. Every breach case had one thing in common – the customer was compliant.
While compliance is a requirement for many organizations, compliance does not equal security. I was recently talking to a CISO who has divided his department into two teams – one focused on security and the other focused on compliance. The security team deals with emerging threats to the network, while the compliance team deals with regulations. It’s an interesting strategy, and one that reflects how separate compliance and security concerns have become.
Security awareness has traditionally been associated with the compliance side of security, but to be truly effective, it needs to focus on current threats and evolve with the threat landscape.