CHALLENGED THEY REALLY ARE!
When the challenge can decimate you, how can you decide to remain challenged? This is the state of cyber security preparedness and status that came out of a session on the disconnect between security and business development in an enterprise, held at the ISMG Fraud and Breach Summit in Bangalore this evening. What emerged is really astonishing. Disconnect is an understatement: a disconnect happens when the issue is understood in its present dimension, shape and intensity, which is not the case.
Understanding firewalls, IPS, IDS, anti-virus and vendor cyber security tools is not enough; if you don’t have an understanding of the real threat, the rest is useless. Read the world around you, from the RSA to Black Hat conferences, from hacktivists to Lazarus, to the depths of the DarkNet; only this backdrop can bring you to the initiation stage. Trying to guess the stance of North Korea without even knowing the lethal capability of Lazarus can land you in a situation out of which you can’t come out. This is what an MNC tries to do.
Hacks are in the 5th generation and the cyber security response is in the second generation. People who blame the government for its pace cannot defend their own pace of cyber security technology adoption. As if the Bank of Bangladesh and, closer to home, COSMOS Bank hacks had not been enough, along with the host of attacks by Lazarus on banking and financial institutions in a host of countries. When will the banks put their own house in order? They feel they can get away with it. Banks' tests by external hackers are just a gimmick.
Does management understand data, data classification and the appropriate response, or is it rock and roll from one compliance to the other? Why has encryption not been implemented end to end? How resilient is the system, and has it even been checked? Are there any security ratings for the companies? After messing it up, expecting the government to clear the mess will not work while the company keeps on harvesting data. Collaboration is the way ahead. Details have to be worked out.
BOTH THE CISO AND CEO/MANAGEMENT ARE AT A LOSS.