Back from my Florida vacation, and into snowy Boston. This afternoon I’ll be speaking to IT leaders in Boston (many thanks to IOVations and Check Point for their sponsorship and participation!). Education is critical right now... I had the opportunity to interview Bill Sieglein, Founder of the CISO Executive Network, earlier this week (part of my SVLC Insiders Circle). Perfect timing in preparation for this event.
There’s a lot of buzz out there right now about information sharing, Obama, Sony, and most recently the catastrophic losses at Anthem (where hackers stole data on up to 80 million current and former Anthem health care customers, including names, birth dates, Social Security and medical ID numbers, email addresses, street addresses, telephone numbers and employment data, including income).
Mr. Sieglein works with thousands of CISOs throughout the U.S. through a series of roundtables where they discuss the current trends, share ideas, and look for answers. I had the opportunity to ask Bill about this Obama info sharing proposal. Will this actually help? He and I both agree, it’s not the answer. This morning the WSJ published an article on this subject written by Steve Norton, whom I’ve also met through past CSI interactions. The bottom line – “Focusing solely on sharing specific threat information ‘only addresses one facet of a very complex space,’ Mr. Libicki said in prepared remarks. ‘It is therefore highly questionable whether efforts to achieve information-sharing deserve the political energy that they are currently taking up.’” More government oversight won’t stop hackers.
However, education can go a long way. Sieglein made the comment, “CISOs struggle to get the attention they need from other senior managers.” He went on to say that they do recognize that this is not about compliance – security and compliance are very different. It’s about predicted security and risk management.
In this afternoon’s session I plan to spend some time on the growing trends of mobility, cloud, and consumerization, and how these initiatives affect security. I’ll spend some time on the two big things companies are doing right now that are leading to big losses – one of them, as I wrote in Data@Risk, is that the detection strategy is weak or non-existent.
This issue is growing. If you’re not out there educating, you’re missing a great opportunity to help companies gain ground in the security battle. This is not a product sale. It’s a chance to help – which is a win/win for technology providers who understand the problem, and who have equipped their team to help solve it.