Newsletters
Customer Relationship Management News NewsFactor Sites:       NewsFactor.com     Enterprise Security Today     CRM Daily     Business Report     Sci-Tech Today  
   
This ad will display for the next 20 seconds. Click for more information, or
Home CRM Systems Customer Service Contact Centers Business Intelligence More Topics...
GET RECOGNIZED.
Let an ISACA® certification
elevate your career.

Register today and save
Customer Data
DDoS Protection Powered By Verisign
Average Rating:
Rate this article:  
Human Element Overlooked in Security, HP Expert Says

Human Element Overlooked in Security, HP Expert Says
By Adam Dickter

Share
Share on Facebook Share on Twitter Share on Linkedin Share on Google Plus

Based on assessments of 96 companies globally, HP found that most spent 86 percent of their security budget trying to block threats at the infiltration stage. Meanwhile, personnel had a minimalistic "check box" approach toward security practices and policies. Rather than chase "silver bullets," companies must invest in "people, process and technology."
 


Want to protect your data and make your enterprise more secure? Invest more in human resources than in technology, think like the bad guys, and redefine success in the war against cybercrime. That's some of the advice shared this week at the RSA Security Conference by Art Gilliland, Hewlett-Packard's senior VP for Software Enterprise Security Products.

Gilliland told some of the 25,000 attendees at the RSA conference in San Francisco's Moscone Center that his company's research shows that too many businesses rely excessively on software and hardware to protect their systems. Meanwhile, they skimp on safe practices by smart managers.

"We are over-invested in product," he said.

Rather than chase "silver bullets," he said, companies must invest in a trifecta of "people, process and technology." Companies that did so have seen 21 percent better returns on their investment and saved an average $4 million more than other companies.

Invest In Compliance

Based on assessments of 96 companies globally, HP found that most spent 86 percent of their security budget trying to block threats at the infiltration stage. Meanwhile, personnel had a minimalistic "check box" approach toward security practices and policies.

"Almost a quarter of the people implementing this strategy failed to meet the minimum security standards they set for themselves," he said. "They are aspiring toward the low bar of compliance. And, 30 percent failed to even meet compliance."

The war against hackers might seem like a lost cause since spending on defensive measures last year went up 20 percent, while damage from cyber criminals increased 30 percent, Gilliland said.

But he countered that the good guys and bad guys are held to different standards.

"There is a structural imbalance in our industry," said Gilliland in his address, which was recorded for viewing on RSA's Web site. "For us to define success, we need to be right every time, we need to be perfect. For the adversary to define success, he only has to be right one time." Give up looking at the war as a zero sum game, he said, because companies block the vast majority of threats.

Understand Your Enemy

Gilliland also said it is important to realize that criminals use the same methods and processes as anyone else to do their work. Only their motivation is different. So it's crucial to understand how their marketplace looks and works.

He detailed the layers of the "attack lifecycle," beginning with those who research and profile networks and systems, then put out feelers to sell that profile to someone else. The next person buys those profiles and uses them "either to understand what kind of toolkits to build or to trick us to break into the network through a bunch of access points," Gilliland said. Those access points can then be mapped and sold to someone else.

In the final step, the hacker accesses information, either to steal or destroy it. He noted that the data security industry spent $46 billion last year to protect itself from the rising level of threats.

Those threats made this year's RSA Conference the biggest in its 21-year history in terms of participants, exhibitors and speakers.

"Data security has been a prevalent theme this year," said John Shier, a security adviser with Sophos, in an e-mail from the conference. "The combination of the NSA revelations [about monitoring civilians] and the data breaches has meant that more people are looking for ways to protect their data, regardless of whether it's the supposed 'good guys' or the crooks that are trying to get their hands on it."
 

Tell Us What You Think
Comment:

Name:



Salesforce.com is the market and technology leader in Software-as-a-Service. Its award-winning CRM solution helps 82,400 customers worldwide manage and share business information over the Internet. Experience CRM success. Click here for a FREE 30-day trial.


 Customer Data
1.   Experian Debuts Anti-Fraud Platform
2.   Black Hat: Security Threats Aplenty
3.   Dynamics CRM Online Extends Reach
4.   Stopping Cyberattacks Like a 'War'
5.   Russian Gang Amass 1.2B Passwords


advertisement
Black Hat: Security Threats Aplenty
A range of nightmares for IT discussed.
Average Rating:
Stopping Cyberattacks Like a 'War'
Experts say crooks are winning so far.
Average Rating:
Dynamics CRM Online Extends Reach
Now available in 17 more countries.
Average Rating:


advertisement
Product Information and Resources for Technology You Can Use To Boost Your Business

Network Security Spotlight
Chinese Hackers Nab Info on Millions of U.S. Patients
A group of Chinese hackers has stolen the personal information, including names and Social Security numbers, of about 4.5 million patients at hospitals operated by Community Health Systems.
 
Premier FBI Cybersquad in U.S. To Add Agents
After helping prosecutors charge Chinese army officials with stealing trade secrets from major companies and by snaring a Russian-led hacking ring, the premier FBI cyber-squad is getting a boost.
 
Apple Opens iCloud Data Center in China
Treading lightly, Apple acknowledged it has started to store encrypted iCloud personal data of some Chinese users on servers in mainland China, operated by the state-owned China Telecom.
 

Enterprise Hardware Spotlight
Compression, Deduplication Come to Violin Concerto 2200
Violin Memory has announced that data deduplication and compression capabilities are now available on its Concerto 2200 solution. Typically, users will experience deduplication rates between 6:1 and 10:1.
 
Cisco Axes 6,000 Employees in Restructuring Plan
Faced with declining profits, Cisco is laying off up to 6,000 employees in the months ahead -- a whopping 8 percent of its global workforce. That's in addition to the 4,000 jobs Cisco cut last year.
 
Web Slows, Have Internet Routers Reached The Limit?
If you encountered problems connecting to the Internet on August 12, you weren't alone. Networking experts blame the wide-scale slowdown on outdated routing systems that are reaching their limits.
 

Mobile Technology Spotlight
Apple Stock Soars Ahead of iPhone 6 Launch
The imminent release of the iPhone 6 -- and maybe even an iWatch -- has sent Apple's stock soaring to new heights. Considering what else the firm could have up its sleeve -- the stratosphere may be the limit.
 
HTC Debuts Windows Phone Version of One M8 Smartphone
HTC is bringing the Windows Phone mobile OS to its flagship One M8 device -- the first time any mainstream flagship smartphone has been offered with a choice of operating systems.
 
Verizon Earns Top Rating in Mobile Network Comparison
A new report says Verizon Wireless was the top-performing U.S. cellphone service provider in the first half of 2014, on a nationwide and state-by-state basis, as well as in metro areas.
 

Navigation
CRM Daily
Home/Top News | CRM Systems | Customer Service | Contact Centers | Business Intelligence | Sales & Marketing | Customer Data | CRM Press Releases
NewsFactor Network Enterprise I.T. Sites
NewsFactor Technology News | Enterprise Security Today | CRM Daily

NewsFactor Business and Innovation Sites
Sci-Tech Today | NewsFactor Business Report

NewsFactor Services
FreeNewsFeed | Free Newsletters

About NewsFactor Network | How To Contact Us | Article Reprints | Careers @ NewsFactor | Services for PR Pros | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 NewsFactor Network. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.