Security and Beyond – and Target’s Next Steps…
Today Westcon kicks off Security and Beyond in Utah, while Sen. Patrick Leahy (D-VT) meets with the Senate Judiciary Committee. Today, as solution providers with a focus on security gather to gain new insights on where to take their business over the remainder of 2014, “Four witnesses will sit before the esteemed senators to ostensibly discuss ‘Preventing Data Breaches and Combating Cybercrime,’” says Huffington Post writer Adam Levin. In his article posted this morning, he notes that “the Senior Vice President and Chief Information Officer of the recently-hacked Neiman Marcus and the Executive Vice President and Chief Financial Officer of the recently-hacked Target” are being “called to answer for the untenably risky position in which both companies left tens of millions of Americans during and after the holiday season.” Should be interesting.
The Need for Stronger Security MSP Offerings
No one has cyber crime threats covered – even though I still hear this from IT people. A friend of mine who is tightly connected to a large international bank’s war games group (a group that predicts and tests scenarios for the bank before they happen) tells me that, while not covered, at least these large banks are actively and proactively looking at threats and working hard to figure out what’s next and how to preempt an attack. But what about the mid-market and SMB companies out there? Can they do what’s necessary on their own?
As I mentioned in yesterday’s post, traditional approaches won’t work. I wrote back in 2007, in my book, The House & the Cloud, that preventative measures were useless except for the purpose of triggering a detection process – which would then kick off a response plan. Seven years later, some promising technologies have been developed, but as Mike McConnell, Vice Chairman of Booz Allen Hamilton (and former Director of National Intelligence for two years under Presidents George W. Bush and Barack Obama), writes in today’s CIO Journal, “It is not enough to know what to do in cyber security, but given how quickly events occur, it is just as important to work out ahead of time how to do it…companies must begin the process of reimagining their cyber defenses immediately, or face the inevitable consequences.”
In McConnell’s article he writes, “This is the greatest call to action for chief information security officers in 2014: to accept and understand that a remediation-centric cyber defense is not enough, and to build a communications link to the C-Suite that breaks down the Tower of Babel between the server room and the board room.” He argues that companies must begin now by changing their approach to security from “One of compliance” to a more holistic model, much like the one I present in The House & the Cloud.
The New Security Model
Well, it’s not new, but McConnell puts some energy behind the idea that companies do need to change their mindset. In my talk tomorrow, I’ll be covering the key aspects of what I believe this model should look like. But in most cases mid-market companies, and certainly the smaller companies, will not be able to afford this type of thing without an MSP that does it for them. The MSP has the ability to maintain a team of experts that deals with this on a daily basis – how can an SMB company, which might see this type of attack every once in a while, maintain the level of skills needed? They can’t. Only a security-focused solution provider can do this.
© 2014, David Stelzl
PS. Consider joining us on Feb 10th for an in-depth look at how to use this type of thinking to create justification with companies who just don’t want to spend money on security. Sign up for the Insider’s Circle and join our training free of charge.