FireEye: 'Insecure data is the new asbestos'

Speed remains the key to helping organisations maintain the agility needed to stay ahead of rapidly evolving cyberthreats, argued the panel at FireEye’s talk on Risk Management and Strategic Resilience.

"As a lawyer once said to me, insecure data is the new asbestos," quipped guest speaker Paul Dorey, Director of CSO Confidential, as he endeavoured to stress the scale of the issue.

It came as no surprise to anyone in the room that cybersecurity is having a bigger impact on organisations than ever before. However, one of the greatest issues still facing the enterprise is how to bridge the gap between security teams and board members.

With dwell time for EMEA companies now averaging a staggering 106 days – almost a month longer than their global competitors – it’s clear more needs to be done. But what’s the solution?

Dorey firmly believed that forcing strategic conversations about cybersecurity onto the board is one vital way to go about this.

“It’s all about airing your dirty laundry in public and being prepared to wash it,” he explained. “Organisations have been avoiding the awkward question of strategic resilience for far too long.”

One question that emerged from the talk was where the responsibility for the weak link lies. Research has shown that the percentage of board members who are technology minded is only just into double figures. However, as Dorey went on to point out, board members have consistently voted cyber as the most underreported risk; a statistic which shifts the blame towards CISOs.

Undoubtedly, the scale and the scope of technology that enterprises now have in place go some way to combatting today’s threats. But still more needs to be done in order to match the scale and speed of the emerging threats we are increasingly seeing.

Dorey was keen to sing the praises of the updated Cybersecurity framework that was issued by the National Institute of Standards and Technology (NIST) earlier this year. While the investment it requires is certainly not insignificant, he said it has already proven itself as a leader in cybersecurity best practices.

Knowledge is power, communication is key

One key point that was continuously raised throughout the discussion was the notion that knowledge is power. Knowledge of your estate: there’s no point protecting your network if you’ve forgotten to secure all the BYOD mobile devices your employees are using. Knowledge of your organisation’s security strategy, and knowledge of how to balance enterprise protection with business operations.

Automation has already started to be leveraged by some companies to improve their security strategy. However, as Phil Packman, Client Security Director from BT, pointed out, this can prove to be somewhat challenging for large, established organisations.

He did, however, note that while a number of their clients were already starting to enjoy the benefits of automation, use cases still tend to be on the small side.

“No one has yet embraced automation for that one killer process.”

The buzz around automation and orchestration is definitely out there; the emphasis now lies with businesses to judge their maturity levels and make smart investments in technology that will further enable it in the future.

Rounding off his talk, Dorey argued that the key to cybersecurity is communication. In short, security teams need to be having simultaneous strategic and operational conversations with board members, emphasising the fact that cybersecurity is no longer just one issue but a whole cluster of problems.


Charlotte Trueman

Charlotte is Staff Writer at IDG Connect. She is particularly interested in the impact technology will have on the future of work and promoting gender diversity throughout the tech industry.
