[ISN] The security game changes when the bad guys are backed by foreign governments

From: InfoSec News <alerts_at_private>
Date: Tue, 14 Aug 2012 05:47:32 -0500 (CDT)
http://www.networkworld.com/news/2012/081312-fidelis-george-261593.html

By John Dix
Network World
August 13, 2012

Fidelis Security Systems has an interesting perspective on the world of 
security, working, as it does, with the U.S. government to keep other 
countries from prying into some of our nation's most critical networks. 
Now that many of those same countries are after intellectual property 
housed by enterprise shops, commercial customers are knocking at 
Fidelis' door looking for help. Network World Editor in Chief John Dix 
talked to Fidelis CEO Peter George about the shifting threat landscape 
and what companies are doing to cope.


Let's start with a baseline question. How do you sum up the state of 
enterprise security today? Are we winning or losing the war?

The conventional wisdom, which I agree with, is we're behind, the gap is 
getting bigger and we're at a critical moment where we need to find a 
different approach if we're going to protect intellectual property and 
the things we have at risk. And customers are really getting it now. A 
couple of years ago if you went to the RSA conference and talked to CSOs 
in the oil and gas industries about the problem of nation-state 
adversaries penetrating critical infrastructure, half of them would get 
it, but the other half wouldn't. That's all changed now. This year at 
RSA, that group of CSOs is huddled in a corner, not just together, but 
also with stakeholders from the federal government who understand the 
threat and the guys in ponytails and sandals who are really smart 
security guys trying to figure out how to get in front of the problem. 
It's a national security problem and everyone's very aware of it and 
budgets are being applied, which didn't happen a couple of years ago.


Are you seeing responses from organizations across the board, or just in 
key industries like financial services?

This is an evolving thing, right? So a couple of years ago it was half 
the critical markets and now it's everybody in that, so that's moving 
downstream. But everybody in the Fortune 2000 that are concerned about 
their security posture are concerned about this particular problem -- a 
nation-state, an adversary, trying to steal something for financial 
gain. Which is really different from the old problem of a young kid 
trying to hack the network for fun. So the stakes are higher and it's a 
bigger issue. Smaller companies who may have less to lose or are not a 
primary target, are also looking for ways to manage the risk/reward. So 
a managed security service, for example, might be a good approach if 
they can't afford to buy the technology and the people to run it.

[...]
Received on Tue Aug 14 2012 - 03:47:32 PDT

This archive was generated by hypermail 2.2.0 : Tue Aug 14 2012 - 03:50:12 PDT