Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

How Hurricanes Stress the Security Lessons of Vulnerability and Risk

Even when all hell breaks loose in the world of information security, it has never rivaled the fallout of a natural disaster. This is a perspective worth considering, after two major hurricanes, Harvey and Irma, left paths of destruction over a three-week span, striking at our hearts and permeating the public consciousness like the most egregious data breach never has come close to doing.

But given that this is a blog for information security professionals like yourself, let's try to draw a connection between the two types of events - at least in terms of how they could be prepared for - which may help provide some context to the digital tempests you regularly take on.

Hurricane Harvey laid waste to parts of coastal Texas and devastated the Houston area with historic flooding, while Irma ravaged the Florida Keys and several Caribbean islands with punishing winds and storm surge. When studying the impacts of these hurricanes, it is common to ask if they could have been worse, whether we have learned anything from prior events that may have minimized the repercussions this time around.

In the case of Harvey, it seems clear now that Houston was not prepared to confront a storm of this magnitude. On the other hand, an aerial tour of the Florida peninsula following Irma revealed that stricter building codes - and greater investment in stronger structures - helped keep damage down, according to U.S. lawmakers and Coast Guard officials.

As Time wrote following Harvey: "Research has shown that spending more (upfront) saves money in the long run." It cited a Pew report, which found that underinvestment in natural disaster risk mitigation has become a chronic problem, despite every dollar that is invested in risk reduction saving $4 in "relief and rebuilding costs" down the road.

How many times have we heard similar proclamations made relative to cybersecurity? That the average cost of a data breach - $3.62 million, according to a recent estimate - is something no organization wants to deal with. As such, sufficiently modeling risk and building security in, versus bolting it on after a breach (when you're already dealing with hard costs like direct revenue losses and soft costs like reputational harm) is a far more affordable preference.

But one can preach the importance of secure coding, testing for vulnerabilities, applying patches in a timely manner, security awareness education, endpoint detection, threat hunting, etc. until we're blue in the face. These are all sound best practices to implement before it becomes necessary to dispatch a breach response.

At the end of the day, though, cybersecurity will remain an exercise in risk. But just like some cities may be underestimating their likelihood to absorb a natural disaster, businesses may not be properly weighing the dexterity and elusiveness of today's cybercriminals - and how much mayhem they can inflict when something is missed.

Part of the problem is that organizations tend to miscalculate how they should prioritize their cyber defense, and even when they know where they should position their focus, they face a shortage of internal talent and resources to make any use of that knowledge. This white paper on evaluating your IT risk assessment process can help move you forward and point you in the direction to which you need to get.

Remember, a 500-year flood may never be far off. When in doubt, hope for the best, but prepare for the worst.

Dan Kaplan is manager of online content at Trustwave.

Latest Trustwave Blogs

How to Ensure Proper Managed Detection and Response Coverage, Even with Rapid Onboarding

Managed detection and response (MDR) providers often tout how quickly they can onboard new clients, and rapid onboarding can indeed be essential in many instances, but speed is not always paramount....

Read More

Trustwave Named a Representative Vendor in 2024 Gartner® Market Guide for Co-Managed Security Monitoring Services

Trustwave has been named a Representative Vendor in Gartner just released the 2024 Market Guide for Co-Managed Security Monitoring Services. Gartner estimates that there are more than 500 vendors who...

Read More

Navigating Security Risks and Innovations in the Hospitality Industry

As technology has become available, the hospitality industry has focused on making the most out of innovations such as contactless services and eco-friendly practices.

Read More