THE 10 SECRET CODES OF SECURITY
If you want to see how a lion hunts, you don’t go to the zoo. You go to the
jungle. This is why we went exploring: friends of friends. In their comfort zones.
No scripts. No transactions.
We wanted to get into the hearts and minds of IT, so we had conversations
rather than interviews. But naturally, we dug into one of the most critical
topics in IT today: security.
	 4 WEEKS. 5 STATES. 9 CITIES.
	 20 SENIOR IT DECISION MAKERS.
	 12 TO 35 YEARS’ EXPERIENCE.
	 A RANGE OF INDUSTRIES, INCLUDING FINANCE, PHARMA,
	 MANUFACTURING, JOURNALISM, EDUCATION, TECHNOLOGY,
	 HOSPITALITY, TELECOM, ENTERTAINMENT AND REAL ESTATE.
	 GLOBAL AND DOMESTIC COMPANIES, FROM 50 TO 90,000 EMPLOYEES.
THROUGH 2016, 75% OF
CISOS WHO EXPERIENCE
PUBLICLY DISCLOSED
SECURITY BREACHES
AND LACK DOCUMENTED,
TESTED RESPONSE PLANS
WILL BE FIRED.
–Gartner
And if the people at the top are worried about security,
you better believe all the people involved in enterprise IT
decisions are feeling the pressure.
 
Among almost everyone we interviewed, security came
up as the most common work-related nightmare. It is
clearly on their minds on a daily basis.
But what exactly are they worrying about, and why?
Let’s look at 10 human truths about IT pros’
approach to dealing with security.
1 THEY ARE INSECURE ABOUT SECURITY
Almost every IT solution is a security risk to some extent, which can lead to some pretty paranoid IT pros. The level of comfort and confidence in current security measures and models is generally low.
MY COMPANY CONSTANTLY
SAYS SECURITY IS THEIR
#1 PRIORITY WITH IT. THEY
TALK THE TALK. BUT THEY
DON’T ACTUALLY DO
ENOUGH. IT’S SECURITY
THROUGH OBSCURITY.
— Tony, Automation Services Consultant
for a large bank
“I mean, my systems are secure
because I’m not a dummy and I
like to sleep at night. But I can’t
say that for most of my company.”
— Mike, Senior IT Manager at a large
telecom company
96% of successful attacks on
enterprise security in 2012 
were not highly difficult —
everyone is truly at risk.
> Verizon 2013 Data Breach Report
The average cost per record of a
data breach in 2011 was $222.
The average company with a data
breach that year lost $5.5 million.
> Ponemon Institute State of Web
Application Security
2 NO ONE HAS IT FIGURED OUT
IT pros stressing about the holes in their systems assume that their problems are the worst, when in reality, their peers in other companies and industries are up against similar threats and complications.
“Security becomes more and more challenging as
IT is shifting to the cloud and mobile devices.
Consumerization of IT caught traditional
corporate IT infrastructure totally unprepared.
Even the best of us are still trying to catch up.”
— Nico, Senior IT Project Manager at a large global 	
manufacturing company
YOU’VE GOT TO BE
KIDDING ME — THAT
BANK DOESN’T HAVE
PERSONAL DEVICE
SECURITY FIGURED
OUT YET? I THOUGHT
WE WERE SO FAR
BEHIND THE INDUSTRY.
— Jonathan, Global Head of Data Transformation
at a large finance company
75% of attacks are opportunistic —
not targeted at a specific individual or
company.
> Verizon 2013 Data Breach Survey
86% of all websites had at least one
serious vulnerability.
> Whitehat 2013 Website Security
Statistics Report
3 RELIEF IS BRIEF
When it comes to security, there is never a moment when it’s all under control. The thousands of solutions and options can’t be implemented as fast as the potential risks evolve. Any sense of security an IT pro might feel is likely to be short lived.
“No one is ever 100% protected.
You should never feel safe, or you’re
not being diligent.”
— Jonathan, Global Head of Data Transformation at a
large finance company
IF YOU THINK
YOU’RE
PROTECTED,
YOU’RE DOING
IT WRONG.
— Mike, Senior IT Manager at a large
telecom company
66% of the breaches took months or
even years to discover.
> Verizon 2013 Data Breach Report
“34% of urgent vulnerabilities are not
fixed.”
> Ponemon Institute, State of Web Application
Security
There are an average of 70,000 new
threats per day.
> Kaspersky Lab
4 THE GOAL IS PREVENTION, NOT REACTION
If something goes wrong, it’s a crisis management problem — not a security problem. The best security experts approach it as a proactive matter.
“Security is all about
non–issues.”
– Pat, VP, IT Manager at a large
technology company
IN 2011, 97% OF
SECURITY
BREACHES COULD
HAVE BEEN AVOIDED
THROUGH SIMPLE
OR INTERMEDIATE
CONTROLS.
– Verizon 2012 Data Breach Report
“We have a company–wide
policy to treat all of our
systems as if they have
already been compromised
at all times.”
— Will, SaaS Consultant for a large 	
technology solutions company
5 SECURITY IS MISSION CRITICAL
Finance and healthcare have the most serious legal ramifications when it comes to IT security. At the same time, companies in every industry, big and small, are striving to implement the security measures needed to protect data.
1 in 5 Americans would stop
doing business with a bank or
credit card company after a
security breach.
94% of healthcare organizations
have been breached.
I WENT FROM WORKING IN
ENTERTAINMENT WHERE I
COULD SORT OF JUST
ASSURE PEOPLE THE
SOLUTION I WANTED TO DO
WAS SAFE, TO WORKING IN
FINANCE WHERE I HAD TO
PROVE IT TO 15 PEOPLE
BEFORE IT WAS EVEN
CONSIDERED.
— Waseem, Consultant and System Administrator
for a small investment company
Security breaches cost healthcare
organizations $2.4M over 2 years
as the healthcare sector is among
the most vulnerable to hacking and
cyberattacks.
> HIT Consultant
14% of data breaches were in the
financial sector and 255,396,710
records were exposed by the
breaches.
> Privacy Rights Clearinghouse
6 SECURITY = JOB SECURITY
It is shaping the future of IT as a discipline. Job titles, internal organization and business practices are evolving to include internal and third–party security experts, groups and processes.
SECURITY IN
IT IS JOB
SECURITY
FOR IT.
— Waseem, Consultant and System Administrator
for a small investment company
“IT is a massively growing field. And
security is the fastest growing area
within that fastest growing area.”
— Danny, VP, System Designer at a large pharma
company
Two-thirds of security leaders
expect spending on information
security to rise over the next 2
years.
Of those 90% anticipate double-
digit growth. One in ten expects
increases of 50% or more.
> IBM CISO Study
7 HACKERS ARE A PRO’S BEST FRIEND
As security becomes more central to all IT decision making, the number of specialists will grow along with options for education and training for that specific skill set. These experts will be unafraid to breach, bend and break tech solutions to ensure they are secure.
“Hiring professional hackers to try to
break into our systems and identify the
holes has been the most powerful way
to convince management to pay for
security projects!”
— Nico, Senior IT Project Manager at a large global
manufacturing company
I ASK FOR A TRIAL AND THEN I
TRY TO BREAK IT. I SPEND DAYS
OR WEEKS LOOKING THROUGH
THE SOURCE CODE, PLAYING
WITH THE SETTINGS, GETTING
ALL MY MOST BRILLIANT
CODER FRIENDS TO TRY TO
BEAT THE SYSTEM AND BREAK
IN. THE BEST SECURITY
SPECIALISTS ARE HACKERS AT
HEART.
— Waseem, Consultant and System Administrator
for a small investment company
 
Did You Know?
If the organization has a CISO with
overall responsibility for enterprise
data protection, the average cost
of a data breach can be reduced as
much as $80 per compromised
record. Outside consultants
assisting with the breach response
can also save as much as $41 per
record.
8 THERE IS NO QUICK FIX
As companies strive to get a handle on security, many are quickly realizing that doing it well means rethinking the entire IT security model. It’s not as simple as adding another layer; they often find themselves rewriting the rules on data access altogether.
“There is NO reason for
me to ever see client–
identifying data. But
right now, I could.”
— Jonathan, Global Head of Data
Transformation at a large finance
company
“Crunchy on the
outside. Soft and
chewy in the center.”
— Danny, VP, System Designer at a
large pharma company
 
[Figure: A NEW MODEL FOR COMPANY SECURITY. The old way: THE MOAT MODEL. The new way: THE ONION MODEL. Diagram labels: roam free, complete lockdown, c-suite, contractors + vendors.]
9 SECURE SOLUTIONS VS. SECURITY SOLUTIONS
Enterprises are trying to strike the right balance between tools they trust and tools built specifically to further secure existing systems. As a result, no matter what the IT solution might be, security is a factor in the decision–making process.
THERE IS THIS PARKING LOT THAT HAS ROUGHLY 50
STOP SIGNS IN IT. IF THERE WERE 10–20 WE’D PROBABLY
STOP AT ALL OF THEM. INSTEAD, BY HAVING SO MANY,
WE ARE ALL TEMPTED TO SKIP THEM ALL. THERE’S A
TIPPING POINT WITH SECURITY SOLUTIONS.
— Will, SaaS Consultant for a large technology solutions company
 
“Security should be a part of any architected solution.”
— Mike, Senior IT Manager at a large telecom company
10 RESISTANCE IS REALITY
Security measures are seen as an impediment, not an enabler. Everyone feels the pain of extra passwords and multiple logins on productivity, so change is slow to happen, especially when it comes to things like BYOD.
“Like anything else IT-related,
the best course of action is to
induce change by making users’
lives easier. Users are unlikely
to prioritize a system’s security
over their lives’ simplicity.”
— Will, SaaS Consultant for a large
technology solutions company
HACKERS
AREN’T
SECURITY’S
BIGGEST ENEMY.
USERS ARE.
— Bob, Full–time IT Consultant for a
class–action services company
In 2011, negligence accounted for 39%
of data breaches, slightly more than the
37% that came from malicious attacks.
> Ponemon Institute State of Web Application
Security
The most common password used by
global businesses is “Password1”
because it satisfies the default MS Active
Directory complexity setting.
> 2012 Trustwave Global Security Report
NOW GO DO THIS
1 EMBRACE THE COMPLEXITY
Don’t overpromise or pretend to have the silver bullet. Ignoring the complications and speed of
change means not understanding it.
2 OFFER A COMMON GROUND
Unite ITDMs in the sense of security that comes with knowing everyone is dealing with these
threats and no one has solved them.
3 ACKNOWLEDGE THE LAYERS
Talk about security as the ecosystem it is. Each business needs to find the layers and tools
that are right for them.
4 HELP THEM SPREAD THE WORD
It can be difficult for ITDMs to sell solutions to their colleagues. Arm them with ways to talk
about and show security solutions as a positive addition to the organization.
5 GET PERSONAL
Don’t just tell them what the solution can do for their business, make it about what it can do for
them. ITDMs are yearning for glory and respect.
6 BE A SOURCE OF COMFORT AND SUPPORT
With all the complexities of security, ITDMs can’t go it alone. Be the partner they can turn to
through thick and thin.

Islamabad Escorts | Call 03274100048 | Escort Service in Islamabad
 
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR8447779800, Low rate Call girls in Tughlakabad Delhi NCR
8447779800, Low rate Call girls in Tughlakabad Delhi NCR
 
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts ServiceVip Female Escorts Noida 9711199171 Greater Noida Escorts Service
Vip Female Escorts Noida 9711199171 Greater Noida Escorts Service
 
Annual General Meeting Presentation Slides
Annual General Meeting Presentation SlidesAnnual General Meeting Presentation Slides
Annual General Meeting Presentation Slides
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130  Available With RoomVIP Kolkata Call Girl Howrah 👉 8250192130  Available With Room
VIP Kolkata Call Girl Howrah 👉 8250192130 Available With Room
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 

The 10 Secret Codes of Security

  • 1. THE 10 SECRET CODES OF SECURITY
  • 2. If you want to see how a lion hunts, you don’t go to the zoo. You go to the jungle. This is why we went exploring: friends of friends. In their comfort zones. No scripts. No transactions. We wanted to get into the hearts and minds of IT, so we had conversations rather than interviews. But naturally, we dug into one of the most critical topics in IT today: security. 4 WEEKS. 5 STATES. 9 CITIES. 20 SENIOR IT DECISION MAKERS. 12 TO 35 YEARS’ EXPERIENCE. A RANGE OF INDUSTRIES, INCLUDING FINANCE, PHARMA, MANUFACTURING, JOURNALISM, EDUCATION, TECHNOLOGY, HOSPITALITY, TELECOM, ENTERTAINMENT AND REAL ESTATE. GLOBAL AND DOMESTIC COMPANIES, FROM 50 TO 90,000 EMPLOYEES.
  • 3. “THROUGH 2016, 75% OF CISOS WHO EXPERIENCE PUBLICLY DISCLOSED SECURITY BREACHES AND LACK DOCUMENTED, TESTED RESPONSE PLANS WILL BE FIRED.” – Gartner
  • 4. And if the people at the top are worried about security, you better believe all the people involved in enterprise IT decisions are feeling the pressure.   Among almost everyone we interviewed, security came up as the most common work-related nightmare. It is clearly on their minds on a daily basis. But what exactly are they worrying about, and why? Let’s look at 10 human truths about IT pros’ approach to dealing with security.
  • 5. Almost every IT solution is a security risk to some extent, which can lead to some pretty paranoid IT pros. The level of comfort and confidence in current security measures and models is generally low. THEY ARE INSECURE ABOUT SECURITY 1
  • 6. “MY COMPANY CONSTANTLY SAYS SECURITY IS THEIR #1 PRIORITY WITH IT. THEY TALK THE TALK. BUT THEY DON’T ACTUALLY DO ENOUGH. IT’S SECURITY THROUGH OBSCURITY.” — Tony, Automation Services Consultant for a large bank “I mean, my systems are secure because I’m not a dummy and I like to sleep at night. But I can’t say that for most of my company.” — Mike, Senior IT Manager at a large telecom company 96% of successful attacks on enterprise security in 2012 were not highly difficult — everyone is truly at risk. > Verizon 2013 Data Breach Report The average cost per record of a data breach in 2011 was $222. The average company with a data breach that year lost $5.5 million. > Ponemon Institute State of Web Application Security
  • 7. NO ONE HAS IT FIGURED OUT IT pros stressing about the holes in their systems assume that their problems are the worst, when in reality, their peers in other companies and industries are up against similar threats and complications. 2
  • 8. “Security becomes more and more challenging as IT is shifting to the cloud and mobile devices. Consumerization of IT caught traditional corporate IT infrastructure totally unprepared. Even the best of us are still trying to catch up.” — Nico, Senior IT Project Manager at a large global manufacturing company “YOU’VE GOT TO BE KIDDING ME — THAT BANK DOESN’T HAVE PERSONAL DEVICE SECURITY FIGURED OUT YET? I THOUGHT WE WERE SO FAR BEHIND THE INDUSTRY.” — Jonathan, Global Head of Data Transformation at a large finance company 75% of attacks are opportunistic — not targeted at a specific individual or company. > Verizon 2013 Data Breach Survey 86% of all websites had at least one serious vulnerability. > Whitehat 2013 Website Security Statistics Report
  • 9. RELIEF IS BRIEF When it comes to security, there is never a moment when it’s all under control. The thousands of solutions and options can’t be implemented as fast as the potential risks evolve. Any sense of security an IT pro might feel is likely to be short-lived. 3
  • 10. “No one is ever 100% protected. You should never feel safe, or you’re not being diligent.” — Jonathan, Global Head of Data Transformation at a large finance company “IF YOU THINK YOU’RE PROTECTED, YOU’RE DOING IT WRONG.” — Mike, Senior IT Manager at a large telecom company 66% of the breaches took months or even years to discover. > Verizon 2013 Data Breach Report “34% of urgent vulnerabilities are not fixed.” > Ponemon Institute, State of Web Application Security There are an average of 70,000 new threats per day. > Kaspersky Lab
  • 11. If something goes wrong, it’s a crisis management problem — not a security problem. The best security experts approach it as a proactive matter. 4 THE GOAL IS PREVENTION, NOT REACTION
  • 12. “Security is all about non-issues.” – Pat, VP, IT Manager at a large technology company IN 2011, 97% OF SECURITY BREACHES COULD HAVE BEEN AVOIDED THROUGH SIMPLE OR INTERMEDIATE CONTROLS. – Verizon 2012 Data Breach Report “We have a company-wide policy to treat all of our systems as if they have already been compromised at all times.” — Will, SaaS Consultant for a large technology solutions company
  • 13. SECURITY IS MISSION CRITICAL Finance and healthcare have the most serious legal ramifications when it comes to IT security. At the same time, companies in every industry, big and small, are striving to implement the security measures needed to protect data. 5
  • 14. 1 in 5 Americans would stop doing business with a bank or credit card company after a security breach. 94% of healthcare organizations have been breached. “I WENT FROM WORKING IN ENTERTAINMENT WHERE I COULD SORT OF JUST ASSURE PEOPLE THE SOLUTION I WANTED TO DO WAS SAFE, TO WORKING IN FINANCE WHERE I HAD TO PROVE IT TO 15 PEOPLE BEFORE IT WAS EVEN CONSIDERED.” — Waseem, Consultant and System Administrator for a small investment company Security breaches cost healthcare organizations $2.4M over 2 years as the healthcare sector is among the most vulnerable to hacking and cyberattacks. > HIT Consultant 14% of data breaches were in the financial sector and 255,396,710 records were exposed by the breaches. > Privacy Rights Clearinghouse
  • 15. SECURITY = JOB SECURITY It is shaping the future of IT as a discipline. Job titles, internal organization and business practices are evolving to include internal and third-party security experts, groups and processes. 6
  • 16. “SECURITY IN IT IS JOB SECURITY FOR IT.” — Waseem, Consultant and System Administrator for a small investment company “IT is a massively growing field. And security is the fastest growing area within that fastest growing area.” — Danny, VP, System Designer at a large pharma company Two-thirds of security leaders expect spending on information security to rise over the next 2 years. Of those, 90% anticipate double-digit growth. One in ten expects increases of 50% or more. > IBM CISO Study
  • 17. HACKERS ARE A PRO’S BEST FRIEND As security becomes more central to all IT decision making, the number of specialists will grow along with options for education and training for that specific skill set. These experts will be unafraid to breach, bend and break tech solutions to ensure they are secure. 7
  • 18. “Hiring professional hackers to try to break into our systems and identify the holes has been the most powerful way to convince management to pay for security projects!” — Nico, Senior IT Project Manager at a large global manufacturing company “I ASK FOR A TRIAL AND THEN I TRY TO BREAK IT. I SPEND DAYS OR WEEKS LOOKING THROUGH THE SOURCE CODE, PLAYING WITH THE SETTINGS, GETTING ALL MY MOST BRILLIANT CODER FRIENDS TO TRY TO BEAT THE SYSTEM AND BREAK IN. THE BEST SECURITY SPECIALISTS ARE HACKERS AT HEART.” — Waseem, Consultant and System Administrator for a small investment company Did You Know? If the organization has a CISO with overall responsibility for enterprise data protection, the average cost of a data breach can be reduced as much as $80 per compromised record. Outside consultants assisting with the breach response can also save as much as $41 per record.
  • 19. THERE IS NO QUICK FIX As companies strive to get a handle on security, many are quickly realizing that doing it well means rethinking the entire IT security model. It’s not as simple as adding another layer; they often find themselves rewriting the rules on data access altogether. 8
  • 20. “There is NO reason for me to ever see client-identifying data. But right now, I could.” — Jonathan, Global Head of Data Transformation at a large finance company “Crunchy on the outside. Soft and chewy in the center.” — Danny, VP, System Designer at a large pharma company [Figure: A NEW MODEL FOR COMPANY SECURITY. THE MOAT MODEL (the old way) beside THE ONION MODEL (the new way); diagram labels: roam free, complete lockdown, c-suite, contractors + vendors]
  • 21. SECURE SOLUTIONS VS. SECURITY SOLUTIONS Enterprises are trying to strike the right balance between tools they trust and tools built specifically to further secure existing systems. As a result, no matter what the IT solution might be, security is a factor in the decision-making process. 9
  • 22. “THERE IS THIS PARKING LOT THAT HAS ROUGHLY 50 STOP SIGNS IN IT. IF THERE WERE 10–20 WE’D PROBABLY STOP AT ALL OF THEM. INSTEAD, BY HAVING SO MANY, WE ARE ALL TEMPTED TO SKIP THEM ALL. THERE’S A TIPPING POINT WITH SECURITY SOLUTIONS.” — Will, SaaS Consultant for a large technology solutions company “Security should be a part of any architected solution.” — Mike, Senior IT Manager at a large telecom company
  • 23. RESISTANCE IS REALITY Security measures are seen as an impediment, not an enabler. Everyone feels the pain that extra passwords and multiple logins inflict on productivity, so change is slow to happen, especially when it comes to things like BYOD. 10
  • 24. “Like anything else IT-related, the best course of action is to induce change by making users’ lives easier. Users are unlikely to prioritize a system’s security over their lives’ simplicity.” — Will, SaaS Consultant for a large technology solutions company “HACKERS AREN’T SECURITY’S BIGGEST ENEMY. USERS ARE.” — Bob, Full-time IT Consultant for a class-action services company In 2011, negligence accounted for 39% of data breaches, slightly more than the 37% that came from malicious attacks. > Ponemon Institute State of Web Application Security The most common password used by global businesses is “Password1” because it satisfies the default MS Active Directory complexity setting. > 2012 Trustwave Global Security Report
  • 25. NOW GO DO THIS
  • 26.
      1. EMBRACE THE COMPLEXITY: Don’t overpromise or pretend to have the silver bullet. Ignoring the complications and speed of change means not understanding it.
      2. OFFER A COMMON GROUND: Unite ITDMs in the sense of security that comes with knowing everyone is dealing with these threats and no one has solved them.
      3. ACKNOWLEDGE THE LAYERS: Talk about security as the ecosystem it is. Each business needs to find the layers and tools that are right for them.
      4. HELP THEM SPREAD THE WORD: It can be difficult for ITDMs to sell solutions to their colleagues. Arm them with ways to talk about and show security solutions as a positive addition to the organization.
      5. GET PERSONAL: Don’t just tell them what the solution can do for their business; make it about what it can do for them. ITDMs are yearning for glory and respect.
      6. BE A SOURCE OF COMFORT AND SUPPORT: With all the complexities of security, ITDMs can’t go it alone. Be the partner they can turn to through thick and thin.