As expected, cybercrime is soaring worldwide<br />
and at the same time, the recession is<br />
shrinking IT security budgets in most industries.<br />
Do you see any strategies that<br />
can fill the void as the money runs out?<br />
What recommendations would you give to<br />
organizations?<br />
Now is one of the most critical times to not<br />
drop the ball on security. So much of security<br />
comes down to little decisions that employees<br />
make every day that inadvertently put a business<br />
or its customers at risk. Security tools,<br />
processes and technologies help to create a<br />
safety net for those mistakes, but when security<br />
budgets are cut, the net becomes tattered<br />
and leaky.<br />
The key is to create a culture of security and<br />
help make it infectious in an organization.<br />
Some companies have managed to evangelize<br />
security and bring awareness through<br />
brownbag lunches, security awareness events<br />
and sending "influencers" in the company to<br />
industry events like RSA Conference.<br />
Building awareness has the two-fold effect of<br />
helping employees make good security-conscious<br />
choices day-to-day and also keeping<br />
security in clear view of executives that<br />
need to make budgeting decisions.<br />
Legitimate businesses are not the only<br />
ones impacted by an unstable financial<br />
system. What kind of ramifications is the<br />
economic downturn having on the underground<br />
economy? What type of remodeling<br />
can we expect to see in the near future?<br />
Most indications are that the underground<br />
economy is thriving and growing rapidly. In<br />
some ways it's also becoming more efficient -<br />
meaning that the prices for certain types of<br />
stolen data have stabilized - making this type<br />
of data more of a commodity. This is a scary<br />
situation for businesses because it means that<br />
it's getting easier to turn customer data into<br />
cash, which means the motivation to steal<br />
data is strong.<br />
There has also been a maturing in the underground<br />
services market, too. This means that<br />
someone that has malicious intent - who<br />
wants to launch a Distributed Denial of Service<br />
(DDoS) attack for example - but not the<br />
technical skills or resources to execute the<br />
attack can now outsource. The result is a<br />
broadened range of digital adversaries. All of<br />
this means that we're likely to enter a period of<br />
significant attacker innovation, making it more<br />
important to carefully monitor threats and keep<br />
up with the latest attack trends.<br />
Achieving more on a smaller budget and<br />
keeping an organization protected at the<br />
same time is on the table of many security<br />
professionals. Can we expect talks related<br />
to budgeting security at RSAC 2010?<br />
While we're still developing the content for<br />
RSA Conference 2010, budgeting for security<br />
is obviously top of mind for security practitioners.<br />
Some organizations, pushed by today's challenges,<br />
have been forced to innovate in the<br />
areas of security metrics and risk management<br />
to better use their budgets and minimize<br />
risk. I'm looking forward to seeing the results<br />
of that innovation at RSA Conference 2010.<br />