Yesterday, an article on CBS Money Watch caught my eye: Businesses deluded about threat of cyber-attack. The article was a short introduction to a recent survey conducted by Deloitte. And isn’t it spooky that the same old things keep cropping up everywhere?…
Unsurprisingly, the Deloitte report highlights that 88% of the businesses surveyed believe that they are not really at risk. As you would expect, they also identify lack of employee awareness and third-party risks as top security vulnerabilities (46% of organisations don’t evaluate the security and privacy practices of vendors before sharing sensitive or confidential information, according to a recent Experian/Ponemon survey). If you’re not already fed up with trend predictions, see my earlier blog post for my 2013 predictions.
But for me, these were not the most interesting points of the study…
A new flame has come…
Here goes, I have been waiting for ages to see this written somewhere, and here it finally is (quoted from Deloitte):
“Executives at the world’s largest Technology, Media and Telecommunications companies have replaced compliance with implementing a 2013 security strategy and roadmap as the number one driver for improving information security. The study also reveals that companies are starting to recognize information security to be a fundamental business issue, with companies increasingly focused on cyber resilience, not just security.”
OK, only 121 organisations were surveyed, but you have to start somewhere, and that’s a good start! Replacing compliance with a security strategy and recognising that information security is a fundamental business issue with an increased focus on cyber resilience are all steps in the right direction. To all of you security evangelists out there who have dedicated yourselves to demystifying infosec and making the stodgy digestible: your work has not been in vain! Keep it up…
I was privileged enough to be asked to chair an afternoon at the recent Merchant Payments Ecosystem conference in Berlin and during his “Digital wallet: security, trust and innovation” presentation, the Executive Director and former CEO of Skrill UK (formerly Moneybookers) said “we see security as a Unique Selling Proposition”. Enough said: a new dawn is coming…
And if that’s not enough, those who have been following RSAC 2013 will have heard Art Coviello, in his big data analytics pitch, extolling the virtues of a transformational information security strategy that concentrates on rapid detection and response to attacks.
Maybe Someday…
So the trend is there, people are listening, let’s use it as a platform to make things better. I picked up this article today and whilst it is not directly related to security, I am sure many of my fellow professionals will empathise with the sentiment (and look through this with the lens of transactional analysis, log management, SIEM, incident response, etc.):
“Data scientists should understand how data impacts their business. Data scientists enjoy parsing enormous amounts of data very quickly. They value the speed at which they can ingest and compute massive amounts of data. Furthermore, data scientists like to make grand statements based on sample indicators they pull from large data sets. In advertising, the best insights are often minor alterations in trends which occur over long periods of time (and take time to see due to their nuanced nature). Advertising is more about the art of storytelling than it is about having the fastest processes.” (<<< advice, talk to your marketing colleagues, there is a lot to be learnt from them).
And yes, good risk management can enable innovation and growth.
So let’s stop the wilful blindness and wishful thinking and do something about it…
Until next time,
neirajones
About Neira Jones
With more than 20 years’ Financial Services experience, Neira is currently Head of Payment Security at Barclaycard where she is responsible for security compliance of circa 100,000 customers & 3rd parties. She received the Information Security Person of the Year Award in April 2012 from SC Magazine at the same time as her team scooped up the prestigious SC Magazine Award for Information Security Team of the Year for the 2nd year in a row.
Not content with this, February 2012 saw Barclaycard winning two awards at the Merchant Payments Ecosystem conference for “Data Security” & “Merchants” for successfully steering Barclaycard and its customers through the changes in payment security, and in particular with the PCI DSS (Payment Card Industry Data Security Standard). She is a member of the Infosecurity Europe Hall of Fame and has been on the PCI Security Standards Council Board of Advisors since 2009.
Follow Neira on Twitter: @NeiraJones