In the wake of numerous high profile data breaches, I talked to security expert Eric Cole of the SANS Institute to pick his brain on what organizations can do to stem the tide of data theft attacks. Cole believes that people aren’t focusing on the fundamental actionable things that their organizations can do to be able to minimize and stop these types of attacks from occurring.
“Whenever a major event occurs, somebody always wants the name of someone who is responsible as well as a quick fix of what went wrong,” says Cole. “In the case of Target, people are saying one of their vendors didn’t have a system that was secure and that was the reason that Target got compromised.”
But when you really look at it, Cole says there is never a single reason why organizations get compromised. “There are always
many things that go wrong, and simply saying a third-party vendor didn’t have a secure system is really overlooking the fundamentals
of what is really needed to secure, protect and lock down an organization.”