Security is big business, but has the role of securing networks and employees bloated to the point that businesses cannot properly protect themselves? Or is the speed of business moving too fast to care? On a roundtable episode with Beth-Anne Bygum, CISO at Acxiom, and Anthony McMahon, CIO/CTO and Principal Consultant for Target State Consultants, the two discussed a host of topics, including whether technology was moving too quickly for security measures to matter.
“We have to move at the speed of the business anymore because the ability to access, purchase, integrate, buy, share, is extremely fluid,” Bygum said. “It means one, we have to constantly press ourselves to be more efficient. Two, we have to constantly ask ourselves: is our defense fabric, the set of tools we use, even keeping pace with the tools my development teams are using?”
On this episode of IT Visionaries, our security series continues as Beth-Anne and Anthony take a look at why implementing proper security hygiene practices remains crucial to ensure better overall security. The two also touch on why security officials are having to constantly defend against attackers at the code level and why that problem can be solved by architects designing with security in mind. Enjoy.
Main Takeaways
- Practicing Good (Security) Hygiene: Until application developers start designing with security in mind, a best practice is to consistently measure the health and cleanliness of your current security measures. There are some downsides, like oversecuring and unwanted steps in some processes, but it remains one of the only ways to properly protect a company and its employees.
- Feeling the Pressure: With the pace of business moving more quickly than ever, vendors are first to roll out new apps and services without thinking about security. This means that security teams are not able to provide proper risk assessments on these services prior to their installation, and that leaves people at risk.
- Privacy by Design: The only way to keep employees and businesses from feeling “oversecure” is for vendors to begin designing their applications with security in mind from the beginning and not as an afterthought.
For a more in-depth look at this episode, check out the article below.
Article
The two opened the conversation discussing the rise of digital assets and the recent shift in the type of attacks they are seeing within the industry.
“If you go back 10 or 15 years, digital wasn’t as prevalent as it is now,” McMahon said. “In many companies, cyberattacks were more covert. Hackers were stealing information and then maybe selling that information on the dark web. The value was in the information they could get. Whereas now we’re seeing a point where the value is actually not in the information, it’s actually in preventing someone from being able to do their job and having them pay up for it.”
With cyber criminals now focusing on preventing companies from completing a job, both Bygum and McMahon agreed that this has placed a renewed focus on security hygiene, which in turn has led to a culture of oversecuring networks and to employees frustrated with the strict measures that have been put in place.
“We’ve got to move away from the push down, thou shall not, here’s-a-set-of-policies-and-follow-the-policies-or-you’ll-be-in-trouble-and-HR-will-be-having-a-word-with-you mentality,” McMahon said. “That storytelling and articulating of why we do this because, and put a real spin on it and explain to our people and the people we’re working with the reason we’re doing something that may make their job a bit harder is actually to make sure they have a job in the future, because if they don’t get it right today and the business suffers an attack, it’s very unlikely they’re ever going to recover from that.”
But in order to get past those strict policies and a culture of oversecuring, that change has to occur at the code and development level, with vendors and app developers purposely designing with security in mind, something that Bygum said is currently not happening.
“[Security] has to be integrated,” she said. “Nobody wants to be the source of why there was a breach. So it behooves us all to really take ownership.”
To hear more from this roundtable conversation with Bygum and McMahon, make sure to check out the full episode of IT Visionaries!