Cyber Security Event - Photos & Blog
On Dec 3rd, at the very atmospheric and (appropriately, given the topic) very secure Honourable Artillery Company London, Harvey Nash staged its first ever Cyber event, and based on its success it won't be the last. Over 40 experts attended to help make it one of the most engaging evenings I can recall.
Keynote speakers were:
- Ed Savage, PA Consulting
- Marc Lueck, Director of Global Threat Management at Pearson
- Tom Ilube, CEO at Crossword Cybersecurity
- David Jones, Head of Information Security at BBC
But what was it all about? The survey itself has three broad themes: convergence, scale and professionalism of the market. PA Consulting drew these out, and set the context by putting the debate in the boardroom. Or out of the boardroom, depending on how successful you might be.
You see, the boardroom has become a physical representation of the struggle in security. Can you get in there, and if you can, can you get the message across? A security figure in an organisation doesn't want to talk tech; they know what tools they can use. But the complexity of negotiating with the exec is a new frontier. Ed Savage quoted a phrase from the survey about how IT professionals feel they have "done what I can do within the constraints I work in". The survey claimed professionals feel they have done all they can to protect their organisation. The problem is that this actually means doing as much as they feel is possible. It is then all too easy to claim those outside security don't understand the issues.
And that is where scale comes in, because the problem is huge and growing exponentially. The first attendee I spoke to had just dealt with an incident, and both the BBC and Pearson stated they had issues that day. I don't need to remind you of Sony. So what can be done?
If the board doesn't get it, how do you get the message across? Prevention and awareness aren't working. If you tell an exec you must have money to fix a problem, you aren't educating them. You scare everyone involved and no one else comes on the journey with you. And if you fail, you'll shoulder the blame alone and increase suspicion.
Security professionals must talk about education. It is about involving others in the conversation, sharing accountability and not merely blunt communication. If they succeed then security will be a richer, more mature sector and I imagine fewer brands will have to endure the embarrassment Sony have over the past 48 hours.
For more blog postings by Dave visit: http://dsavage84.wordpress.com/