27 February 2013

WILFUL BLINDNESS AND WISHFUL THINKING...

Yesterday, an article on CBS Money Watch caught my eye: Businesses deluded about threat of cyber attack. The article was a short introduction to a recent survey conducted by Deloitte. And isn’t it spooky that the same old things keep cropping up everywhere?...
Unsurprisingly, the Deloitte report highlights that 88% of the businesses surveyed believe that they are not really at risk. As you would expect, they also identify lack of employee awareness and third party risks as top security vulnerabilities (46% of organisations don’t evaluate the security and privacy practices of vendors before sharing sensitive or confidential information, according to a recent Experian/Ponemon survey). If you’re not already fed up with trend predictions, see earlier blog post for my 2013 predictions.
But for me, these were not the most interesting points of the study...


A new flame has come...
Here goes, I have been waiting for ages to see this written somewhere, and here it finally is (quoted from Deloitte):


Executives at the world’s largest Technology, Media and Telecommunications companies have replaced compliance with implementing a 2013 security strategy and roadmap as the number one driver for improving information security. The study also reveals that companies are starting to recognize information security to be a fundamental business issue, with companies increasingly focused on cyber resilience, not just security.


OK, only 121 organisations were surveyed, but you have to start somewhere, and that’s a good start! Replacing compliance with a security strategy and recognising that information security is a fundamental business issue with an increased focus on cyber resilience are all steps in the right direction. To all of you security evangelists out there who have dedicated yourselves to demystifying infosec and making the stodgy digestible: your work has not been in vain! Keep it up...


I was privileged enough to be asked to chair an afternoon at the recent Merchant Payments Ecosystem conference in Berlin, and during his “Digital wallet: security, trust and innovation” presentation, the Executive Director and former CEO of Skrill UK (formerly Moneybookers) said “we see security as a Unique Selling Proposition”. Enough said: a new dawn is coming...
 

And if that’s not enough, those who have been following RSAC 2013 will have heard Art Coviello, in his big data analytics pitch, extolling the virtues of a transformational information security strategy that concentrates on rapid detection and response to attacks.

Maybe some day...
So the trend is there, people are listening, let’s use it as a platform to make things better. I picked up this article today and whilst it is not directly related to security, I am sure many of my fellow professionals will empathise with the sentiment (and look through this with the lens of transactional analysis, log management, SIEM, incident response, etc.):


“Data scientists should understand how data impacts their business. Data scientists enjoy parsing enormous amounts of data very quickly. They value the speed at which they can ingest and compute massive amounts of data. Furthermore, data scientists like to make grand statements based on sample indicators they pull from large data sets. In advertising, the best insights are often minor alterations in trends which occur over long periods of time (and take time to see due to their nuanced nature). Advertising is more about the art of storytelling than it is about having the fastest processes.” (<<< advice, talk to your marketing colleagues, there is a lot to be learnt from them).
 

And yes, good risk management can enable innovation and growth.
 

So let’s stop the wilful blindness and wishful thinking and do something about it... (see Bloomberg article)

Until next time,
neirajones