Concerns over Brand Security are Escalating

Wednesday, June 03, 2015

Peter Zavlaris


The unprecedented technological advancement seen over the last two decades has become a double-edged sword. As a result, information security has gone from being a tertiary IT function to a significant operational risk.

In an article on CSO Online, Maria Korolov cites a recent survey of 200 corporate directors and found that 80% of corporate boards have security on the agenda.

It turns out that 66% of survey participants weren’t confident in their organizations ability to defend against cyber attacks. Surprisingly, on average security ranked second to last in priority for developing new products and services.

"It's become a really serious issue," said Chris Wysopal, CTO and co-founder at Veracode, a security vendor. "It's not just an IT issue, or a policy issue, or a compliance issue. It's becoming a corporate risk issue."

Of all the consequences related to cyber threats, board members surveyed said that brand damage, data breach costs, and theft of intellectual property were the top security concerns. Finally, most of the respondents considered brand security to be a key measurement of a CEO’s effectiveness as a business leader.

If the CEO is being held responsible for brand security, CISO’s will be essential to helping them meet those objectives. Its an opportunity for CISOs to take ownership over key operational risks and demonstrate the efficacy of good security practices.

However, CISOs must tread lightly. At the end of the day, businesses exist in order to earn revenue. As much as the business world is becoming captivated with security, ultimately the bottom line will play a key role in determining new security initiatives.

Unfortunately for security practitioners, the very technologies that are driving modern businesses like cloud computing, digital advertising, virtual supply chains, etc., are causing security problems. This is mainly a result of security being concentrated at the perimeter and the industry's heavy reliance on firewalling and endpoint sensors.

The problem with perimeter based security is that modern business technologies transmit/store data and host branded assets (websites, mobile apps, social sites, ads, etc.) outside of the perimeter. Thus a security gap is left in between organizations and their digital touch points.

Brand protection starts with the securing the digital assets that are most vital to the business, particularly those interacting with customers. The key is maintaining an active inventory of all digital assets and continuously monitoring for outward facing threats like defacements or strategic, web-based attacks.

CISOs have the opportunity to make a meaningful impact on brand risk by leveraging a new technology, purpose-built for securing digital assets. RiskIQ develops the tools necessary to keep up with modern technological trends that support the business while simultaneously improving security.

This was cross-posted from the RiskIQ blog.

Budgets Enterprise Security Policy Security Awareness Security Training
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.