by Sue Marquette Poremba
I spoke with Mark Hatton, president and CEO of Core Security, about companies that wait weeks before telling consumers their personal data may have been compromised. Why does it take so long? Is it to the company's advantage to wait? Hatton told me:
“Advantage is relative here. The time it takes for any company to respond to an attack can vary depending on industry and the nature of the attack. If the lock on your front door is broken, you can replace it rather quickly. But it gets complicated when you’re looking at an attack against an IT infrastructure, as remediation is more difficult than replacing a deadbolt. A company needs to first understand the nature of the attack, sort out the remediation process, and how long that will take. For example, they may want to layer additional technologies like security test and measurement to prevent the problem from happening again. Ultimately they’ll review their risk profiles and how to enhance their security intelligence in response to a problem.”
Source: Network Security Edge