Eskenzi PR Eskenzi PR
  • About Us
Friday, 23 April, 2021
IT Security Guru
Eskenzi PR
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Cutting Through the RSA Conference Jargon: Cybersecurity Lessons for the C-Suite

by The Gurus
May 11, 2015
in This Week's Gurus
Share on FacebookShare on Twitter

Cutting Through the RSA Conference Jargon: Cybersecurity Lessons for the C-Suite
By Mike Potts, CEO, Lancope
Another RSA conference is behind us, and as always, we overheard security professionals speaking their own language using terms like “APTs“ and “zero-day threats.” While these words and numerous other terms sound like jargon, they represent important cybersecurity concepts that have typically flown over the collective head of C-Suite executives and board members — until today.  At this year’s RSA conference, I noticed that cybersecurity is finally being recognized as a business discipline that directly impacts an organization’s business goals, which is causing the C-Suite sit up and listen.
The string of damaging data breaches suffered by high-profile companies like Target, Sony Pictures, Home Depot and JP Morgan Chase have helped to elevate the issue of cybersecurity to the C-Suite and board levels.  While the mechanics of identifying and remediating attacks may reside with the IT team, cybersecurity has become a company-wide effort that the leadership team must oversee.
With cybersecurity cast in this new light, CEOs need to consider three crucial questions: what must be done to provide security administrators with network visibility to manage both the internal and external security threat, what is the company’s incident response plan, and what will be done to minimize the damage done by the inevitable attack? And, in fact, many Fortune 500 enterprises are forming board cybersecurity subcommittees to answer these questions, translating the cybersecurity discussion into business terms that directors and the C-Suite can digest and act upon.
Another observation I had at RSA is that the cybersecurity discussion is changing. No longer are we talking about if we’ll be attacked and even when we will be attacked. Today, we know that it is very likely that the bad guys are already inside the network.
To complicate matters, we’re on the leading edge of the Internet of Things trend. An increasing number of machines, encompassing everything from printers to refrigerators to heart monitors in hospitals, have their own unique IP address and can communicate with one another. This creates a new set of cybersecurity vulnerabilities that will affect virtually every industry.
Welcome to Security 2.0. 
In the world of Security 2.0, attackers have become increasingly sophisticated and are capable of bypassing traditional network perimeter security defenses; in fact, the threat of an insider attack is actually a bit higher — about 51 percent — than that from an outsider. That is why having a real-time view inside the network is so critical. I’m not suggesting that organizations abandon perimeter defenses altogether.  But at the same time, companies and government entities alike cannot rely on perimeter defense tools alone and expect to adequately secure their networks. Outside attackers can too easily break through, and of course, it’s just as easy for the inside threat actor to open the door and walk out.
Insider threats, network visibility, device classification, Internet of Things…I realize that for a CEO this post may start to fall under the heading of “cybersecurity jargon I don’t need to understand.” So let me revisit the three questions I mentioned earlier and provide some context.  These are questions that you, and hopefully the new director of your board’s cybersecurity subcommittee, should be asking your security administrator:

  1. Do you have visibility into activity going on across our entire network? This is a necessity in a Security 2.0 world, and your budget should focus on implementing technologies that provide this internal visibility as well as hardening the security perimeter around the network.
  1. What is our incident response plan? This is the company’s response plan, not just an IT plan. How are employees trained to recognize suspicious external and internal activities and report those activities? How will you work with your marketing and legal teams to communicate the incident to employees and to the public? These just a few of the questions that must be addressed in a comprehensive incident response plan.
  1. What is our remediation process? It is naive to expect an attacker will not penetrate the defenses on your network. If the attacker tries 100 times and only succeeds once, he wins. With this in mind, cybersecurity best practices must also include how to quickly remediate an attack to minimize the damage, both in terms of compromised assets and damage to your company’s reputation.

Many companies that suffer a data breach don’t realize the damage has been done until a third party such as the Department of Justice or a bank alerts them. This is a clear signal that the era of Security 1.0, which had companies devoting their budgets to blocking outside threats from getting in, is over. We’re now in the era of Security 2.0 where the attacks are more sophisticated, the insider threat is very real, and the term “connected devices” applies to an ever-growing variety of machines that are connected to our networks. It is also an era when the C-Suite and the board of directors are finally giving information security the attention it requires in order to maintain the company’s security posture while also recognizing its importance as part of the overall business plan.
To learn more about how Lancope’s StealthWatch can help you detect threats already inside your network in a Security 2.0 world, visit us here.
 

0 0 vote
Article Rating
FacebookTweetLinkedIn
Tags: APTsc-suiteCyber Securitycybersecuritydata breachHome Depotincident responseinformation technology. fortune 500ITit securityjargonJP Morgan ChaseLancopeMike PottsRSARSA ConferenceSony PicturesTargetZero-day
ShareTweetShare
Previous Post

China’s internet highly vulnerable to cyber attacks

Next Post

Breaking Bad-themed 'Los Pollos Hermanos' crypto ransomware found in the wild

Subscribe
Notify of
guest
guest
2 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
trackback
Cutting Through the RSA Conference Jargon: Cybersecurity Lessons for the C-Suite | IT Security News
May 11, 2015 10:21 am

[…] post Cutting Through the RSA Conference Jargon: Cybersecurity Lessons for the C-Suite appeared first on IT SECURITY […]

0
Abdul
Abdul
April 23, 2019 6:56 pm

Hi there! Such a good article, thanks!

0

Recent News

messaging apps - signal

Signal CEO hacks mobile-hacking firm

April 22, 2021
New UK laws to protect IoT devices amid sales surge

New UK laws to protect IoT devices amid sales surge

April 22, 2021
edgescan logo

PRODUCT REVIEW – Edgescan makes fullstack vulnerability management easy

April 21, 2021
The clubhouse app

Armis and UK’s Eseye partner to secure connected devices on any cellular network

April 20, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
2
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept