Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Security: define and mitigate risks
SECURITY

Security: define and mitigate risks 

Neils Johnson, technical evangelist, Symantec, recently delivered a keynote address at the SC Congress in Toronto about defining and mitigating risks. He shared his thoughts on how to keep yourself and your data safe.

Johnson emphasized the need to integrate technologies directly into the information fabric to protect from threats. He defined the term “information fabric” as squeezing efficiency and effectiveness out of the existing infrastructure from a production perspective. Symantec sees it as all of the different layers of data. “The information fabric is where business is going,” Johnson asserted.

To integrate technologies into the information fabric, Symantec’s technical evangelist urged companies to abandon silos. He also recommended taking a holistic view of all digital assets. Johnson advised companies to protect remote parts of the infrastructure, not just local parts of the infrastructure. “You need to speak in terms of a distributed environment,” he commented.

Businesses also need to consider all aspects of data generation, Johnson noted. He added that data generation includes malicious and non-malicious categories, as well as anything that creates a log. “All of it has to go into these analytic engines to understand what’s going on,” Johnson remarked.

In order to protect your company’s information, you must be able to define risk. What should you keep in mind when attempting to designate what is a threat and what is not? “Think outside the box,” Johnson responded. “Risk comes in many more flavours today than it came in the past.” He pointed out that risk can be economic. Moreover, infrastructure strain can be an overlooked danger. Johnson explained that “infrastructure strain” can refer to hardware nearing the end of its life being pushed to its breaking point as well as woefully undertrained IT staff. “It’s always about more on the same old architecture,” he commented.

Johnson encouraged the enterprise to expand its definition of threats. “When we stop to think about risk, we need to think in terms of risk as the bad guys see it, not as we see it,” he said. “Too many times, we want to see risk in defined, static terms. The bad guys are looking for loopholes. We need to consider risk from an outside the box perspective.”

Once a company has defined its risks, how does it mitigate them? “There are some basic nuts-and-bolts things that need to happen,” Johnson replied. One of those basic things is making sure patch levels are up to date. “That’s going to eliminate 75% of all the breaches,” he commented.

Another factor in risk mitigation relies less on technology and more on people. “Invest in the IT staff themselves,” Johnson recommended. Offering training and education opportunities means member of the IT department will be better equipped to deal with threats and risk. Symantec’s technical evangelist noted that security solutions can deliver a great deal of actionable intelligence. If the IT staff cannot interpret it, that information is useless.

These risks affect large and small companies alike. He used the example of a large automotive manufacture and a small donut shop. “If a breach costs you 25% of revenue, does that hurt Ford any more than it hurt’s Bob’s Donuts?” he asked rhetorically. “If a breach impacts 50% of the machines, does that hurt Ford any more than it hurts Bob’s? The only difference between Ford and Bob’s Donuts is the amount of zeroes on the revenue report at the end of the month. The hurt, the pain, the work, the effort, the energy… in my mind, they’re exactly the same.”

{module Gone in 60 seconds}

Related posts