I sat through an interesting first day of keynotes yesterday and a pattern quickly revealed itself in the speeches or comments of the many and varied speakers.
So, I thought I would pen my own quick summary. I will resist the temptation to create a word cloud, but if I had, it would read like this:
Partnership – everyone is in it together when it comes to fighting the bad guys. The private and the public sector. So, a constructive conversation is critical to tackle the growing threat to national and international security.
Encryption matters – putting aside the many discussions of the merits (or otherwise) of the FBI and Apple case for a moment, encryption was identified as a vital tool in the protection armory of private and public sector organizations. Critical to protecting data and communications. And part of building the next word…
Trust – people need to trust the integrity of the technology they use or they will stop and find something else. They entrust technology with things that really matter to them. Hacks and breaches erode that trust. Erodes their confidence in the organizations that are victims. So effective defenses and prompt action are vital.
It’s not if, but when – you will be breached or attacked. Assume it is happening and prepare accordingly.
Prevention – adequate defense is not just about detection, monitoring and responding. It is about testing your defenses and thinking ahead to the next likely attack before it happens. And learning from your last experience.
Attack proliferation – attack numbers are growing rapidly. The nature of the attacks is changing. The bad guys are finding new ways to make money from their attacks. And…
Everyone is a target – big and small business, alike. Public and private sector. This is no longer a problem only those with big IT teams need to worry about.
Front page news – attacks make headlines. As we have seen with cases like Sony Pictures, what might have been limited to the technology community before is now the subject of presidential press conferences and news bulletins.
Data – there is growing value to be had by targeting data. A whole dark economy exists and not just for PII. Ransomware attacks show how attacks on data can cripple an organization. Also if data is stolen or manipulated it undermines our confidence in it and harms our ability to make the decisions we rely on it to make.
Humans – defense is part technology and part education and training. The human element of effective defense against cyber crime is a vital consideration.
Teamwork – a successful defense strategy can’t be limited to the CISO and the security team. It requires a strong commitment of people and resources across an organization. Cyber security is a board level consideration and the sooner that is realized and acted on the better.
Anyway, that’s it for day one. I’m off now to trawl the booths to see if another pattern presents itself.