I have recently spent some time looking at security issues, new threats, and new hacking techniques and tools.
I can tell you that it can happen to any of us; hackers are a number of steps ahead. I now know that it has not happened to my organization for two reasons only: 1) we are lucky and 2) no hacker decided to target us.
Rest assured that if you are targeted, your security will be penetrated; even RSA was recently successfully attacked.
I am not saying do nothing about security; no, do your absolute best, but also prepare the management team for the fact that attacks can and do happen.
As a CIO, I make it a point to make sure that the rest of the executive team is fully aware that breaches can and will happen. I find it difficult to explain all the technical issues to business execs. But I feel responsible for making them aware of the potential risk.
On the other hand, we have a full plan for crisis communications; we know what we will say and do if/when we have an IT security crisis.
And of course we work very hard to make sure we are as secure as can be.
It would be wise to be equipped with a data loss/leak prevention solution that really works, with high performance on false positives/negatives, that is easy and fast to deploy in terms of data classification, with fast ROI and low TCO, and with no need for a special DLP person in charge, which means low maintenance and intuitive management. To make a long story short, GTB DLP is the best professional solution in the market, even if it is an unknown brand.
For example, Bank of America suffered a lot from data leakage, because they have a DLP solution from a leader in the Gartner MQ report that works in monitoring mode and not prevention mode, due to the very high false positives.
The same problem applies to other governmental agencies that suffered and are still suffering from data leakage even though they do have a leading DLP solution there.
See those Flash demos and the movie to understand why and how: