Indecent exposure
Chris Potter – information security assurance partner at management consultants PWC – started this year’s first keynote with this statement: ‘As dependency grows, controls are improving, leading to fewer reported incidents. But some big exposures remain.’
This proved to be the overall theme of the keynote: that we’re doing well but mustn’t let up. Hardly surprising, given the setting, regardless of how accurate the sentiment may be.
He handed over to Guy Barker of Symantec, who essentially said ‘we’re doing well but we could do better.’
One interesting term he used, which we’d never heard before, was ‘spear-phishing’ also known as ‘whaling’. This seems to be the pro-active targeting of CEOs and other wig-wigs in order to extort money from them or steal their identities. It is in no way a comment on the average weight of a CEO.
Martin Sadler of HP Labs told us that, while data integrity and business continuity continue to be major drivers for expenditure at large companies, 28 percent of them have no disaster recovery plan at all. He also warned that 14 percent of such contingency plans are ineffective.
Lovely malware
Martin Smith of The Security Company summed up the essence of the security industry when he said ‘All these new security breaches are great for business – bring ‘em on!’
‘All these new security breaches are great for business – bring ‘em on!’
He also pointed out that a major vulnerability for many companies is its own staff and communication with them over their security obligations could be a lot better, on the whole.
PWC’s Potter summarised by saying: ‘The world has changed.’ He pointed out that corporations were spending a lot more on data security but that the vast majority of them are not even aware of BS7799/ISO27001 (Join the club – Ed).
He said that companies tend to think they’re better protected than they are and to illustrate he revealed that, in the survey, 78 percent of stolen computers were found to be unencrypted. He also said: ‘There is a skill shortage in security qualified staff.’
