Our thoughts on the RSA conference in San Francisco
“There is much greater awareness of the importance of protecting data in order to protect your business, protect your customers and protect your brand,” said Alertsec’s CEO Ebba Blitz following the RSA Conference in February. “Information security is now a board-level discussion because it has become so fundamental to business.”
The RSA Conference provided an opportunity for Ebba and the Alertsec team to meet with customers and exchange views with other industry leaders about developments in IT security.
To help you stay ahead of the changing security landscape, we are focusing this special edition on the key issues emerging from the conference. Developments such as the Internet of Things (IoT) get the headlines, but is that what customers should be focusing on? We asked Ebba to share her thoughts about the real changes that business leaders need to be aware of.
In the interview below, Ebba talks about how cyber-security is changing the operating environment for large and small enterprises, and gives her recommendations for managing the new risks that businesses face.
What IT security changes should business leaders be aware of?
Threat landscape: “The IT security threats we’re facing haven’t really changed; we’re still talking about detecting hackers on the network and preventing data breaches and phishing emails,” says Ebba. “What has changed is that the criminals have moved down the food chain. SMBs find themselves operating in an environment where cyber-crime is more prevalent. It seems unfair that you were small to begin with and yet you’re more likely to get robbed!”
Security perimeter: "Many large enterprises are partnering with small business specialists and it’s great to see these opportunities for SMBs to grow. But data sharing effectively makes the perimeter of your IT network wider as data moves to be hosted or processed by third parties. Senior executives need to recognize that they have a responsibility not only to manage their own IT security but also to ensure third party associates take appropriate data protection steps."
Business risk: “Cyber crime has changed the profile of business risk for large and small organizations. Losing a laptop is no longer just an inconvenience and minor cost; it has the potential to put your company on hold as you deal with the cost of lawsuits, fines and fixing the gaps in your data security.”
How is industry responding to these issues?
C-Suite awareness: "What I did see at the RSA Conference was a much greater awareness of IT security issues. The role of CISO was unknown until relatively recently and is a welcome change, bringing the discussion about data protection into the board room."
Cloud-based IT security: “Another welcome change is the growth of cloud-based security services. For SMBs, IT security can feel like a balancing act as you weigh up how much protection is really needed against how much it will cost. Sharing resources makes so much more sense and we’re seeing more MSSPs (managed security service providers), making IT security more accessible and affordable.”
What steps can business leaders take to manage these new risks?
IT security has become more complex, but Ebba has this advice to help executives manage the risks:
"Operational risk: Prioritize regular training to keep security top-of-mind and enable staff to recognize scams and follow best practice.
Reputational risk: Customer trust can be eroded following a data breach. Put an incident response plan in place to minimize the impact of an event.
Functional risk: A data breach or cyber attack can stop your company functioning effectively. Put encryption on the agenda before the laptop is lost.
Third party risk: Data sharing is now common practice, but third party suppliers are often less secure or unaware of the risks. CISOs need to understand where data is stored beyond the corporate network and ensure effective tools such as encryption are deployed."
In a recent interview with The Huffington Post, Ebba highlighted how small business owners and subcontractors have a vested interest in taking control of data protection. “Data security used to be in the interest of large companies, but that’s not the case anymore because large companies work with small companies.” The message is that failing to protect the integrity of customer information can impact everyone in the chain.
“Anyone that shares data with anyone else needs to look at their IT security. If everyone had a complete IT security chain, there wouldn’t be anything for these crooks to get.”