- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Is your security plan proactive or reactive?
Websense Security's research chief believes too many CSOs are still relying on reactionary plans for protecting their organization. Are you one of them?
Charles Renert, vice president of research and development for Websense Security Labs, stopped by CSO’s headquarters today. The discussion was primarily around an upcoming threat landscape report Websense will be releasing soon. But we also had the chance to discuss Renert’s perspective of what he said is a continued emphasis on “reactionary” security among many organizations and security leaders.
"A lot of the companies I talk to don’t make a proactive investment,” Renert told me. “They wait to be attacked, then put measures in place. But, in the heat of the battle, you aren’t going to have good security architecture in place.”
Renert made what I thought was an interesting statement about being “proactive” with regard to your security posture.
“Proactivity helps you understand how the attackers work. When you put your mind into the framework an attacker works from, you see the kind of opportunities they look for.”
As most of you know, primarily, hackers are seeking financial gain these days. But those attacks can come in many forms; from theft of IP, to invasion of privacy of a certain employee to extract key data, to web site or other brand defacement because they are working for an entity that is trying to sully your reputation.
These types of attacks are becoming more targeted, more long-term in the hope of paying off with a “big win” in the end, said Renert. But security leaders at many organizations still aren’t paying enough attention.
Feeding into their distraction, said Renert, are the constant headlines about hacks to sites like Twitter and Facebook, which tend to get a lot of tongues wagging, but do not really represent the kind of threats an enterprise needs to guard against.
“A security executive will call me and say ‘Twitter was hacked again. What can I do to protect my users?’”
While well-meaning, Renert believes the emphasis on these kinds of high-profile threats is misplaced, and all organizations need to reexamine their own internal controls to ensure they reflect the real attacks they are up against – which can be going on silently, in the background, undetected for years.
“The punchline for CSOs is that the controls that have been deployed, and the way CSOs think about security, doesn’t always reflect the reality of the threat landscape today,” he said.
Do you agree with Renert’s assessment? Is your security posture proactive or reactive?
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Continuous Monitoring and Mitigation -- the New InfoSec Frontier
- RSA Security Analytics Case Study
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape
- VMware Cloud Credits Program
- Insights from the 2013 IBM Chief Information Security Officer Assessment