Hansen Global Chief Information Security Officer Scott Weir’s every day is a bombardment of information, from data, dashboards and analysis of the ecosystem within the Hansen business to digesting the multitude of security stories happening in other businesses across the globe. Security can’t ever go to sleep, and it never stands still. Recently Scott shared some of his high-level thoughts about security at our North American Hansen Connect client event.
One of the key starting points for any business is how you can make it look less attractive to hackers. In doing this you need to start with understanding why security issues occur. Fundamentally this comes down to three key things: money, power, or influence. And who are the people wanting to exert these outcomes? Generally, they are nation states, organised crime, hacking groups and lone wolves. With that in mind, looking inward at your environment, what are some common failings?
Companies fail in security for 4 common reasons:
- Underestimating the threat they face / value at risk; spending time thinking “what if” is always critical. What if our staff can’t access their work? You might have heard the story of the typewriters coming out of storage recently?!
- Poor security governance; a framework of review before building/adding to your environment is critical. It only takes one vulnerability to penetrate into your wider environment.
- Security decay / under-investment; new threats appear constantly, so there is no set and forget.
- Blind trust / no independent audit; we become blind to our own circumstances (do you sometimes forget exactly what happened driving to work today?), so it’s important to have outside experts review your environment regularly and catch your blind spots.
THE IMPACT IS INCREASINGLY LARGER & LARGER
Since 2013, over 9 billion records have been lost or stolen – that’s more than the global population. Today on average 200,000 records are lost or stolen every hour, and the average time to detect a breach is 206 days; that’s a lot of data that can be exfiltrated. The number of data breaches has increased year on year, and the cleverness of those breaches is also resulting in the time to detect a data breach growing. The regulatory spotlight is also intensifying, and with the majority of breaches widely publicised there is no hiding the truth.
The level of remediation is also rising, and the longer it takes to detect a breach generally the more expensive it will be to fix it. Retrospective security is always costly. Don’t find out second hand. Put in place strong governance programs and work with vendors who understand the significance of the wider ecosystem. Unfortunately, it will likely happen to you, so best be prepared.
Scott Weir is Hansen's CISO.