EDITOR’S QUESTION
SAM CURRY, CHIEF SECURITY OFFICER, CYBEREASON

There is a natural maturation of security and moving along it can feel anything but natural. Maturing hurts and it can be prodded in part with regulations, suffering from an attack or increase of general awareness or even new security leadership.

By-and-large, the most advanced private sector organisations from a security perspective are banks, but that doesn’t mean all of them have been through all the growing pains and reached a ‘mature’ level by any means. This can vary enormously by size, geography and individual history and idiosyncrasies.

Hospitals and healthcare are different. Though generally not as mature from a security perspective, they are often highly sensitive to privacy, which is in some ways a related discipline with a direct impact on and from security.

Most hospitals are wrestling with changes in infrastructure and understanding how to improve security without impacting the mission. Regulations here have a history of maturing fast in the wake of the financial sector, often adopting whole cloth the language of earlier banking regulations and reapplying them.

Retail has had its own independent growing pains spurred on by the twin motivations of PCI DSS regulation and being the target of fraud. After banks beefed up security, the balloon bulged into other cash out mechanisms like online commerce and gift cards – the payment of choice for fraudsters. Retail is still lagging banks in some regards but is generally ahead of other sectors, at least among the largest providers with the most readily available forms of cash.

However you slice it, though, the bad guys still enjoy the advantages in cyber and win too often. The security journey is just that: a journey. It is not a destination.

This is a discipline with an active, adaptive, intelligent opponent and while tools like Machine Learning and AI are in the advanced wave of most effective tools to help, the real strength of a cyber programme is its people. All companies should be making an investment now before the pain of an attack and breach is felt, in cyberskills and people.

Cyber is here to stay because it’s just too easy for malicious actors from organised crime to nation-states to develop skills in offensive cyber – if you are a modern business, you are online; and if you are online, cyberskills and talent matter. Period.

INTELLIGENTCIO