Showing posts with label CISO.

27 February 2013

WILFUL BLINDNESS AND WISHFUL THINKING...

Yesterday, an article on CBS Money Watch caught my eye: Businesses deluded about threat of cyber attack. The article was a short introduction to a recent survey conducted by Deloitte. And isn’t it spooky that the same old things keep cropping up everywhere?...
Unsurprisingly, the Deloitte report highlights that 88% of the businesses surveyed believe that they are not really at risk. As you would expect, they also identify lack of employee awareness and third party risks as top security vulnerabilities (46% of organisations don’t evaluate the security and privacy practices of vendors before sharing sensitive or confidential information, according to a recent Experian/Ponemon survey). If you’re not already fed up with trend predictions, see my earlier blog post for my 2013 predictions.
But for me, these were not the most interesting points of the study...

28 January 2013

GAZING AT 2013: THE RIGHT FOCUS AND THE RIGHT LANGUAGE...

Well, it’s the New Year, and I wish you all the best for a fantastic 2013! I can’t believe my last post was in November! And it’s already the end of January! So I thought I’d get in quickly with my two pennies’ worth of crystal ball gazing before it becomes unfashionable... What did we learn from 2012? Are there any interesting market trends? How does it affect security? What is the current state of information security and how is it shaping up? Are we getting any better? If any of these questions spark your interest, or if you’d just like to see if my Nostradamus impression has something in it, read on...

15 July 2012

FAILING GRACEFULLY...

Sometimes, despite our best endeavours, things just don't work out the way we planned...
You know the feeling: you think you have it all under control, you think you've engaged with the right people, you have buy-in from those who matter, the right culture is in place, you're not struggling for investment and bang! You get hacked. An overwhelming sense of failure ensues. Where did it all go wrong?...

9 May 2012

CLOSE ENCOUNTERS OF THE THIRD (PARTY) KIND...

Phew... The last month was absolutely hectic, with all those conferences falling within the same short period of time! With all that, I was privileged enough to have been asked to speak at both Internet World and Infosecurity Europe. Two very different experiences... Whilst it is expected to be talking about security at an infosec conference, it is always welcome to be asked to present on security matters at an event with a different focus - in this instance, everything digital... (see my previous post on the subject). It was nevertheless surprising, walking the show floor at Internet World, talking to vendors and poring over the agendas in the various theatres, how little security featured. With everything about the show related to "cyber", not many had made the obvious leap to "cybercrime"... So, on the way to our Devil's Tower, our quest is still to find our Curwen hand signs to communicate with the third (party) kind...

22 April 2012

WHO ARE YOU PREACHING TO ANYWAY?...

I was recently privileged enough to be asked to present at a merchant forum in London. Interestingly, the intended recipients had been very much in the driving seat, since they had selected the topics themselves. After my previous posts (Part 1 and Part 2) on connecting the dots between information security, risk and fraud, you can imagine my pleasure that I, alongside my fellow speakers, was asked to do just that... A delightfully interactive audience, some very interesting chats at the breaks and the recent buzz about the value of security conferences prompted me to share some thoughts on how to engage actively with your stakeholders and get the results you need...

9 April 2012

5 STEPS TO A SUCCESSFUL SOCIAL ATTACK - What's Your Threshold?...

In a previous post, I highlighted that mass marketing fraud against individuals cost the UK economy £3.5 billion in 2011, that is ten times more than the cost of plastic card fraud in the same year, or equivalent to the total fraud losses incurred by the financial services sector in the same period! Sobering perspective, don't you think? We all know that mass marketing fraud is where criminals aim to defraud multiple individuals to maximise revenue by persuading victims to transfer monies in advance in exchange for promised goods, services or benefits. And we all know that this is usually done via mass-communications media (such as telephone calls, letters, emails and text messages) and ranges from foreign lottery/sweepstake frauds through to Ponzi schemes and romance frauds or any other abuse of trust... So, we all know better, don't we?...

4 March 2012

MANAGE RISK BEFORE IT DAMAGES YOU: PART TWO...

In the previous post, I spoke about the importance of having an asset register and how crucial asset classification is. After all, not many of us have unlimited resources, therefore focusing investment where it matters most is the way to go. Whilst I was thinking about this, the link between changing the CISO's traditional attitude and the necessity for risk management became even more apparent, and I would like to expand on the trinity of “Asset, Technical Services and Business Need”...

26 February 2012

MANAGE RISK BEFORE IT DAMAGES YOU: PART ONE...

Neira Jones on Google+
After my part 1 and part 2 posts on incident response and the last post on cloud computing security, a number of you requested I talk about risk assessments. Since it’s currently my favourite topic, I am more than happy to oblige... First, a few facts:
  • Epsilon was breached in the first quarter of 2011. At the time, they built and hosted customer databases for 2,500 well-known brands and sent more than 40 billion emails a year on their behalf.
  • Not long after, the Sony breach ended up compromising personally identifiable information for more than 100 million of its customers.
Obviously, for both organisations, customer information is a key asset...

29 January 2012

THE RISE OF THE NEW CISO: RISK MANAGEMENT vs COMPLIANCE

For those who didn't attend PCI London on 25th January 2012, I reproduce here the article I wrote for their magazine. I hope you find it of some use... :)
THE RISE OF THE NEW CISO: RISK MANAGEMENT VS COMPLIANCE
Last year at PCI London 2011, my article for this magazine was about the need to move from Compliance to Risk Management, and I hosted a panel of industry experts from Visa Europe, MasterCard, the PCI SSC and IRM plc, as well as representatives from John Lewis plc and the Home Retail Group. It was undeniable that retailers, and merchants in general, have felt the need for some while to invest where business value can be derived. The concept of risk management, when it comes to looking at Payment Security, undeniably struck a chord!