HOME     MENU     SEARCH     NEWSLETTER    
NEWS & INFORMATION FOR TECHNOLOGY PURCHASERS. UPDATED 6 MINUTES AGO.
You are here: Home / Enterprise I.T. / Human Element Overlooked in Security
Build Apps 5x Faster
For Half the Cost Enterprise Cloud Computing
On Force.com
Human Element Overlooked in Security, HP Expert Says
Human Element Overlooked in Security, HP Expert Says
By Adam Dickter / NewsFactor Network Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
28
2014


Want to protect your data and make your enterprise more secure? Invest more in human resources than in technology, think like the bad guys, and redefine success in the war against cybercrime. That's some of the advice shared this week at the RSA Security Conference by Art Gilliland, Hewlett-Packard's senior VP for Software Enterprise Security Products.

Gilliland told some of the 25,000 attendees at the RSA conference in San Francisco's Moscone Center that his company's research shows that too many businesses rely excessively on software and hardware to protect their systems. Meanwhile, they skimp on safe practices by smart managers.

"We are over-invested in product," he said.

Rather than chase "silver bullets," he said, companies must invest in a trifecta of "people, process and technology." Companies that did so have seen 21 percent better returns on their investment and saved an average $4 million more than other companies.

Invest In Compliance

Based on assessments of 96 companies globally, HP found that most spent 86 percent of their security budget trying to block threats at the infiltration stage. Meanwhile, personnel had a minimalistic "check box" approach toward security practices and policies.

"Almost a quarter of the people implementing this strategy failed to meet the minimum security standards they set for themselves," he said. "They are aspiring toward the low bar of compliance. And, 30 percent failed to even meet compliance."

The war against hackers might seem like a lost cause since spending on defensive measures last year went up 20 percent, while damage from cyber criminals increased 30 percent, Gilliland said.

But he countered that the good guys and bad guys are held to different standards.

"There is a structural imbalance in our industry," said Gilliland in his address, which was recorded for viewing on RSA's Web site. "For us to define success, we need to be right every time, we need to be perfect. For the adversary to define success, he only has to be right one time." Give up looking at the war as a zero sum game, he said, because companies block the vast majority of threats.

Understand Your Enemy

Gilliland also said it is important to realize that criminals use the same methods and processes as anyone else to do their work. Only their motivation is different. So it's crucial to understand how their marketplace looks and works.

He detailed the layers of the "attack lifecycle," beginning with those who research and profile networks and systems, then put out feelers to sell that profile to someone else. The next person buys those profiles and uses them "either to understand what kind of toolkits to build or to trick us to break into the network through a bunch of access points," Gilliland said. Those access points can then be mapped and sold to someone else.

In the final step, the hacker accesses information, either to steal or destroy it. He noted that the data security industry spent $46 billion last year to protect itself from the rising level of threats.

Those threats made this year's RSA Conference the biggest in its 21-year history in terms of participants, exhibitors and speakers.

"Data security has been a prevalent theme this year," said John Shier, a security adviser with Sophos, in an e-mail from the conference. "The combination of the NSA revelations [about monitoring civilians] and the data breaches has meant that more people are looking for ways to protect their data, regardless of whether it's the supposed 'good guys' or the crooks that are trying to get their hands on it."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
TOP STORIES NOW
MAY INTEREST YOU
Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.
MORE IN ENTERPRISE I.T.
Product Information and Resources for Technology You Can Use To Boost Your Business

NETWORK SECURITY SPOTLIGHT
The FBI is pointing the finger of blame for the Sony Pictures cyberattack directly at North Korea. The hackers stole confidential data and caused the movie giant to can its new comic film, "The Interview."

ENTERPRISE HARDWARE SPOTLIGHT
Almost half of consumer, industry and life sciences manufacturers are expected to be using 3D printers within three years and now 3D printing services are aiming to help companies experiment.

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.