
CIOs need to craft a solid enterprise security strategy: Gavin Struthers, Intel Security APAC

Zafirah Salim | June 4, 2015
Delving deep into the topic of enterprise security, Struthers talks about how CIOs, or IT managers, can work on developing an effective security strategy in the workplace.

Indeed, modern workers demand the ability to work whenever and wherever they can, and mobility through cloud systems or the newest trend of wearables has opened the door to this new approach.

To face the concerns of the security of mobile devices and risk of data breach, we suggest shifting the focus to control content and applications rather than a number of single devices. With this, you not only have to integrate BYOD into your overall security framework, but also clearly define and communicate a company's BYOD policy, implement policy enforcement mechanisms, and evaluate the applications and software you intend to support.

One of the security concerns relating to BYOD is the data security of corporate information. Now, businesses are coming to a realisation that recovery is as important - if not more important - than prevention in a data breach. Can you elaborate on this need to evolve from a prevention-based strategy to a lifecycle defense?

There is a saying in the security community that there are only two kinds of organisations: Those who have been hacked and those who haven't detected it yet.

It is clear that many organisations are under constant attack and the question now is how well do they detect and deflect these attacks, and how well do they manage the crisis of a breach should it happen. The traditional model of a ring-fence defense is overhauled. To face today's realities, we have to implement layered defense mechanisms and should assume that security has been breached one way or the other as status quo.

Therefore, Intel Security's approach is to define an innovative and structured way for collaborative and adaptive security, moving beyond siloed, reactive platforms to adaptive security postures that evolve with changing threat landscapes. A unified framework is a more sustainable way for organisations to reduce risk, incident volume and response time, and lower overhead and operational staff costs.      

And how critical is the human element in maintaining this enterprise security? Would you say that employees represent the biggest security loopholes?

A recent report titled Tackling Attack Detection and Incident Response by Enterprise Strategy Group (ESG), commissioned by Intel Security, found that five of the top seven causes of successful targeted attacks are linked to human behavior:

  • 38% - Lack of user knowledge about cybersecurity risks (i.e., clicking on unknown links, opening e-mails from unknown sources, etc.)
  • 30% - Increasing use of social networking sites (i.e. Facebook, Twitter, LinkedIn, etc.) by employees provided a malware distribution channel for cyber adversaries
  • 29% - Sophisticated social engineering tactics (phishing) by cybercriminals that made activities (emails with links) appear trustworthy
  • 26% - Increasing use of personal business services (i.e., Dropbox, Evernote, PC Backup, etc.) by employees provided a malware distribution channel for cybercriminals
  • 24% - Bring your own device policies introduced many different types of PCs into our network making it harder for security and IT operations staff to control and secure endpoint systems

 
