• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Spotlight   »   Security patches may compromise data breach clues, Forrester warns

Security patches may compromise data breach clues, Forrester warns

  • Posted on:December 2, 2011
  • Posted in:Spotlight
  • Posted by:
    Trend Micro
0

Recent insight from Forrester information security analysts John Kindervag and Rick Holland may leave a number of IT professionals feeling conflicted. According to the duo's latest report, Planning for Failure, network administrators often unwittingly destroy valuable cybercriminal evidence in their rush to patch security vulnerabilities in the immediate aftermath of a data breach.

"You must decide if you want to prosecute before you remediate," the report argues, according to Network World. "Things work differently in real life than it does on your favorite crime investigation show. Too often, companies clean up a breach and then decide later they want to find and prosecute the perpetrator. Unfortunately, they've just cleaned up most of the evidence, and true justice becomes illusory."

Unfortunately for data security professionals, it seems these incidents may represent a time for choosing the lesser of two evils. According to Network World, keeping security loopholes open to preserve evidence could expose a company to further danger. There is also no assurance that law enforcement officials will be prepared to facilitate the investigation in a timely manner.

But regardless of the data breach resolution strategy ultimately selected, time is of the essence. Kindervag and Holland advise companies to "make an investigation and prosecution decision immediately" after discovering the issue, according to Network World.

It remains to be seen how the global IT community will respond to this insightful, albeit discouraging, news.

Data breaches continue to be a prevalent concern in the private sector, as companies often suffer significant operational and reputational effects as a result of such incidents. According to CIO Insight, less than half of businesses classify their reputation and brand image as a resilient asset, with many fearing irreparable damage from data breaches. For many corporations, these are valid concerns, as millions of dollars are at stake.

The public sector has also seen its fair share of data breaches lately. According to CBC News, the Canadian government is one such organization suffering the ill effects of cybercrime. Citing data from Telus-Rotman researchers, "insider" data breaches have risen 68 percent in the nation since 2008, and nearly 30 percent this year alone. When such incidents occur, everything from economic to national security can be compromised.

It may be a natural response for IT teams to go after the perpetrators responsible for these damages, but as Forrester cautions, anger should not be the primary consideration shaping resolution plans.

Data Security News from SimplySecurity.com by Trend Micro

Related posts:

  1. Samsung Card data breach sparks police investigation
  2. Following data breach, Epsilon implements new data security enhancements
  3. Expert warns against SAFE Data Act’s 48-hour rule
  4. Most data security threats are internal, Forrester says

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • New Report: Top Three Ways to Drive Boardroom Engagement around Cybersecurity Strategy
  • Advanced Cloud-Native Container Security Added to Trend Micro's Cloud One Services Platform
  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.