Where is the transformation happening? IT is being aligned with business to enable security officers to rope in more security measures.
Security Perception Changes
Before turning to the laws and their corollaries, it is worth looking back at why the field of information security is evolving faster than ever. Senior leadership across enterprises is now taking an interest.
Shift in Attackers
Attackers are after much more than traditional monetizable data. The drivers: hacktivism, state-sponsored attacks, and IP attacks and breaches.
Change in User Expectations
Security is being woven into service level agreements. Price, process maturity and scale can only go so far; assurance is also key.
Today's Social Concern: Hackernomics
A social science concerned chiefly with the description and analysis of attacker motivations, economics, and business risk, hackernomics is characterised by 5 fundamental immutable laws and 4 corollaries.
5 Laws:
- Most attackers aren't evil or insane; they just want something.
- Security isn't about security. It's about mitigating risk at some cost
- Most costly breaches come from simple failures, not from attacker ingenuity
- In the absence of security education, people make poor security decisions with technology
- Attackers usually don't get in by cracking some impenetrable security control; they look for weak points like trusting employees
Corollaries:
- We don't have the budget to protect against evil people, but we can protect against those who are looking for weaker targets
- In the absence of metrics, we tend to over-focus on risks that are either familiar or recent
- Bad guys can, however, be very creative if properly incentivised
- Systems need to be easy to use securely and difficult to use insecurely
- Business teams and users are already consuming the best technology at will
The Plateau Effect: How enterprise is evolving
The three steps to business assurance are about having continuity, agility and governance.
Dr. Hugh Thompson, Senior VP & Chief Security Strategist, Blue Coat