Did someone call security?

Profiting from the heavy security compliance burden is possible, says Ross Brewer

Proposed European legislation would make notification of data breaches within 24 hours mandatory for both public and private sector organisations. Those that fail to notify authorities in a timely or complete fashion could, in the future, face fines of up to two per cent of their current global annual revenue.

Unfortunately, accurately identifying the systems and customer data affected by a breach in just 24 hours is an extremely big ask. This could easily lead to over-disclosure, a problem that has already been causing concern in the US, which has had breach notification laws in place for some time.

As the name suggests, over-disclosure occurs when organisations are forced to reveal more information than is strictly necessary. For example, they may have to notify every individual potentially affected by a breach rather than just those who definitely were. And if they do not know exactly what information has been lost, they may need to overstate the severity of the incident.

The issuing of blanket breach notifications in this way could have negative repercussions for the affected organisation, causing a loss of confidence among potential and existing customers. Furthermore, every consumer interaction incurs a cost, so it is vital that firms tell only those they know are truly affected by a breach.

Data processing

Many firms will undoubtedly struggle to comply with the EC’s proposed notification window even if - as many commentators expect - the rules are eventually relaxed. This is largely due to a lack of visibility into IT networks that is plaguing organisations today, which presents a significant opportunity for channel partners.

IT infrastructures are growing rapidly as well as diversifying. Organisations generate more IT log data than ever, with some producing more than a billion logs a day. Unfortunately, many businesses do not understand how these logs can help them manage their corporate networks better. When properly collected and analysed, log data can provide forensic insight at every level.

Yet many organisations have inadequate mechanisms for this. As a result, monitoring and reviewing this information to see what has been going on can take days or even weeks. This would not breach a 24-hour notification policy but would be a nightmare when analysing and identifying the root of a problem. Also, many organisations are still in the mindset that traditional point security, which focuses on fencing out threats with tools such as anti-virus or firewalls, is enough to stop data breaches.

This is clearly not the case. Furthermore, the growing security compliance burden increasingly encompasses the processes surrounding data breaches - not just whether or not a breach occurs in the first place. Cyber threats are now inevitable, and the channel must take the time to help organisations understand that it is no longer a matter of if a breach happens, but when.

Step into the breach

This provides resellers with a great opportunity to consider partnering with providers of offerings that promise organisations full and continuous insight into what is occurring across their IT systems all the time - not just after a breach.

In practice, this means tools that can automatically collect and analyse 100 per cent of IT log data in real time, such as next-generation security information and event management (SIEM).

This can provide traceability, so anomalies can be identified, damage limitation strategies formulated, and accurate breach notifications generated - all in real time. In the long term, this approach not only provides the forensic insight required to truly understand how threats penetrate systems and compromise data, but also helps future-proof organisations against the increasingly stringent data protection regulations that are continuing to dominate legislative agendas across the globe.

Resellers would therefore not only be able to differentiate their offering from other cyber security and compliance solutions, but also to cross-sell such technology, ultimately giving them competitive advantage.

Ross Brewer is vice president and managing director of international markets at LogRhythm