Don’t Be The Company That Only Strengthens Security After an Attack

A strong enterprise security strategy sure does seem like a good thing in retrospect. When a company is breached, we’re betting this kind of retrospective talk happens almost immediately. After all, it is always easy to say after a calamity what should have been done before.

But what separates the smart, security-conscious organizations from the breached ones is that those in the former category were having conversations about attack preparedness before a malicious incursion ever happened. For them, the idea of an attack was impetus enough to bolster enterprise cybersecurity defenses. But for many other companies, it takes a breach itself to inspire real change.

The problem with this approach is that once a company experiences an attack, the question immediately turns to how the business allowed it to happen. To customers impacted by a breach, hearing that a company is ramping up security is a bit like learning they’ve chosen to put a Band-Aid on a deep wound. After all, the damage has already been done.

Despite Virulence of Malware Strains, Companies Still Lackadaisical About Defense 
When it comes to breaches, general business preparation leaves much to be desired, as a poll recently carried out by InformationWeek found. The poll — which reached out to 536 industry insiders — revealed that while 77 percent of respondents recognize the growing sophistication among corporate attackers, only 37 percent have decided to boost their enterprise security spending.

What this suggests is that most companies are unwilling to face the reality of a malware attack until it becomes a reality for them. Part of this ambivalence lies in the fact that many companies only construct their security infrastructure to meet the requirements of outside evaluators. And those standards usually require only the bare minimum and are often dated.

“Our survey shows that even in 2014, with record breaches and threats, the top way organizations measure the value of their security investments is by whether they pass a third-party audit,” InformationWeek stated.

Instead of relying on an audit to validate their security solutions, businesses need to claim ownership of these lines of defense. Companies that shirk their protective responsibilities are often under the misapprehension that such concerns are peripheral. They aren’t. Strong security lies at the heart of any good business. Without it, enterprises can expect a tough road.

Layered Defense Represents a Way Businesses Can Easily Boost Security
Fortunately for all enterprises, there are many simple ways to firm up security. One of these is through the implementation of a system of layered defense, which provides businesses with the defensive infrastructure to keep hackers out.

After popular URL-shortening service Bitly experienced a breach, it decided to adopt a two-factor system, according to SC Magazine. This is another means of securing company platforms.

However, because Bitly’s decision came only after an attack, the change will likely do little to assuage user skepticism about personal security on the site. But every company has to start somewhere, and Bitly’s willingness to admit to its shortcomings and improve security will bode well for its future.

For all other businesses out there, we suggest avoiding such public scrutiny altogether by implementing a layered cybersecurity defense — before an attack.


Entrust provides identity-based security solutions that empower enterprises, consumers, citizens and websites in more than 5,000 organizations spanning 85 countries. Entrust's identity-based approach offers the right balance between affordability, expertise and service. With more than 125 patents granted and pending, these world-class solutions include strong authentication, physical and logical access, credentialing, mobile security, fraud detection, digital certificates, SSL and PKI.

