If recent reports about security breaches happening around the world is any indication, enterprise security is becoming even more urgent a matter for CIOs and CSOs to focus on. Yet, there seems to be a lack of concerted effort to ensure better risk management all round. We speak to Michael Sentonas, global vice president and CTO for McAfee Security Connected on what need to be done to stay safe, not sorry.
Photo: Michael Sentonas
Question: Data leaks and security breaches have become almost unavoidable, judging from the spate of such incidences this past years that brought down some reputable names in retail as well as in the financial sector. What should companies, consumers as well as governments expect in their effort to ward off such threats?
Michael Sentonas: 2014 brought the latest in a series of events that worked to shake confidence in a Trusted Internet. Exploits of high-profile vulnerabilities, such as the recent security breaches in organisations like KBox and M1, as well as attacks on the local government sites, shook confidence in long-established Internet trust models. The sophistication and impact of these and other attacks shook organisations' confidence in their ability to detect and deflect attacks before serious damage occurs.
Restoring trust in 2015 will require stronger collaboration and new standards for a new threat landscape. Organisations must also dramatically reduce time-to-detection with connected, adaptive security that amplifies the collective capabilities of individual solutions.
Data privacy and protection have gained deeper attention as users become more aware of privacy issues. Yet, organisations don't seem to be able to plug the leak. Where have they erred? What more need to be done?
Data privacy and protection will continue to be an issue in the coming year, as governments and organisations continue to struggle with what is fair and authorised access to imperfectly defined 'personal information.' 'Fair' is a concept that is subjective to system users, customers or employees of businesses, or citizens of a nation state, making it tricky for organisations to play out their security role.
The following years will see a trend of the ever-increasing scope of data privacy rules and regulations, with all their breach requirement and security specifications, into the realm of the previously anonymous data sets.
For example, by the end of 2015, we expect to see the European Union update its 1995 Data Protection Directive with a 2016 Data Protection Regulation that will take effect in all EU member states and will reach all international organisations. This move on the part of the EU is perhaps the loudest of the public policy machinations, but countries in Latin America, Australia, Japan, South Korea, Canada, and many others will become more aggressive and more specifically territorial with data privacy laws and regulations.
Sign up for CIO Asia eNewsletters.