Page 5 - index
P. 5
RSA Conference Unveils Unique Challenges and Trends as Cyber
Attacks Mature
By Jim Anderson, President of the Americas for BAE Systems Applied Intelligence
RSA remains the premier gathering for industry experts across a wide array of cyber security,
threat intelligence and breach remediation. The 2015 conference was no different and served to
highlight many of the unique challenges that IT professionals face in a technologically advanced
society. For those in the field, RSA highlighted three important trends practitioners should know
about: security has escalated from an IT risk to a board room issue, cyber crime “detection” has
become more important than “prevention” and criminals are far more organized than ever
before.
Security is now a board room issue - While the role of IT has typically been the purveyor of
all things security, across the industry, RSA saw a heavy focus on elevating the risk of our
hyper-connected world to the board room. At RSA, it was apparent that boards became more
sensitized to the “business risk” associated with being a victim of cyber crime. As a result, their
concerns have evolved, and many boards are now wondering if what happened to Sony can
happen to them.
What this means is that if a board hasn’t yet asked for updates regarding its exposure to crime,
it will soon. Therefore, Chief Information Security Officers (CISOs) and other IT executives must
now be prepared to discuss the complex realities of cyber crime with a much broader audience
and make recommendations on selecting the proper approach to both augment security around
the network and mitigate damage. This means a new level of communication among the board,
CISOs and the IT team is mostly about education and expectation setting. The board must learn
more about the security space, but equally so, it’s imperative for IT teams to convey business
risk in terms the board can use to guide decisions.
Security is about connecting the dots… faster - Attackers have gotten agile, making it nearly
impossible for organizations to keep pace. For years, digital security was about building the
strongest firewall and defense system available. Today, that approach simply won’t work.
In the US, according to Identity Theft Research Center (ITRC), nearly 800 companies suffered a
data breach last year. IT teams must now act as though attackers have made it beyond their
perimeters and into their networks. IT teams should implement a variety of technologies that can
help to quickly identify behavioral oddities that would be associated with an intruder. These
solutions should include big data technologies and predictive analytics that can shorten the time
period from “breach” to “discovery” and prevent criminals from leaving with assets.
At the same time, as the scale of the threat continues to grow exponentially, companies are
turning to providers of managed services to deal with the shortage of cyber analysts. These
external resources can also incorporate aggregated data from across their client base to
improve security for each company they protect.
5 Cyber Warnings E-Magazine – May 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
