When it comes to database security it's down to people, not tech fixes, to save the day
Get your staff and processes lined up and ready to go
Interview The woods are full of IT sales teams promising the moon when it comes to locking down databases, yet all the tech fixes in the world won't help you if the staff don't know what to do.
Speaking to The Register for our Spotlight on Databases Month, Yuliya Novikova, head of security services analysis at Kaspersky, said the first stage for any CSO's security and recovery plan is to identify the staff who will be critical in restoring service, and to make sure they know what to do in an emergency. Technology has its place, she said, but having people trained up and ready to roll is key for dealing with attacks.
"We cannot fully rely on people, we can't fully rely on security solutions - it's a combination," she explained. "Of course some things will go wrong one day, but it's just a question of how well you have prepared for such conditions."
If the worst does happen and corporate data is stolen and/or leaked online, the first thing to do is not panic, she advised. Focus on gathering evidence so that staff are fully up to speed on what is happening and you're operating from a position of knowledge.
And once you know the situation, it's vital that companies tell customers and regulatory agencies calmly and clearly what is going on. As we've seen in the past, Novikova warned, trying to cover these things up is going to be more harmful in the long run than being open and honest. ®