NC1703
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
COMMENT<br />
COMMENT<br />
OWNERSHIP: ACCEPT RISK AND EMBRACE<br />
CHALLENGE<br />
BY RAY SMYTH, EDITOR<br />
Arecent speech made at the Usenix Enigma security conference by Dr Ian Levy, the Technical<br />
Director at the UK's National Cyber Security Centre, caused a bit of a kerfuffle when he<br />
said that, in effect, the cybersecurity vendors overplayed the ability of hackers. More usefully,<br />
he also advised organisations not to exclusively rely on advice from organisations that make<br />
their living from cybersecurity.<br />
Everyone who cares about cyber defence occupies their own cloister from which little should be<br />
allowed to emanate, yet most of them cannot also be experts in the field as well the head of IT,<br />
marketing or the Board. I felt it was a shame then that something else Dr Levy said received little<br />
subsequent attention, namely "If you want advice, if you want threat information, if you want to<br />
manage an incident that is going on, come to us and we'll do it for you."<br />
This I believe is absolutely revolutionary. Not because it usurps security vendors - it doesn't and<br />
wasn't intended to - but rather because it means organisations can now get the advice and guidance<br />
to build the cyber defence strategy that they need, as opposed to one that is prescribed, by<br />
referring to an organisation that by definition has a top-level oversight as opposed to a silo view.<br />
Given the inevitability of an attack, that same organisation can now get real help - and it might<br />
just mean the difference between the survival or failure of their business.<br />
EDITOR: Ray Smyth<br />
(ray.smyth@btc.co.uk)<br />
REVIEWS:<br />
Dave Mitchell<br />
Ray Smyth<br />
SUB EDITOR: Mark Lyward<br />
(netcomputing@btc.co.uk)<br />
PRODUCTION: Abby Penn<br />
(abby.penn@btc.co.uk)<br />
DESIGN: Ian Collis<br />
(ian.collis@btc.co.uk<br />
SALES:<br />
David Bonner<br />
(david.bonner@btc.co.uk)<br />
SUBSCRIPTIONS: Christina Willis<br />
(christina.willis@btc.co.uk)<br />
PUBLISHER: John Jageurs<br />
(john.jageurs@btc.co.uk)<br />
Published by Barrow & Thompkins<br />
Connexion Ltd (BTC)<br />
35 Station Square,<br />
Petts Wood, Kent, BR5 1LZ<br />
Tel: +44 (0)1689 616 000<br />
Fax: +44 (0)1689 82 66 22<br />
SUBSCRIPTIONS:<br />
UK £35/year, £60/two years,<br />
£80/three years;<br />
Europe:<br />
£48/year, £85/two years £127/three years;<br />
ROW:<br />
£62/year, £115/two years, £168/three years;<br />
Subscribers get SPECIAL OFFERS — see subscriptions<br />
advertisement; Single copies of<br />
Network Computing can be bought for £8;<br />
(including postage & packing).<br />
© 2017 Barrow & Thompkins<br />
Connexion Ltd.<br />
All rights reserved.<br />
No part of the magazine may be<br />
reproduced without prior consent, in<br />
writing, from the publisher.<br />
If this is to work, and I hope that it will, it will be necessary for a change in both vendor and user<br />
organisations. Vendors will need to understand what it means to engage with better informed and<br />
more confident customers who know more about what they want, and user organisations will<br />
need to stop hiding behind the claim that it's too hard or difficult, and energetically accept that<br />
cyber defence is part of doing business, much in the same way that the production of financial<br />
accounts is.<br />
As Dr Levy suggest, buying a bigger amulet will not make an organisation any less vulnerable,<br />
but moving away from fear, uncertainty and doubt might.<br />
Ray Smyth - Editor, Network Computing.<br />
Ray.Smyth@BTC.CO.UK | https://twitter.com/ItsRay<br />
GET FUTURE COPIES FREE<br />
BY REGISTERING ONLINE AT<br />
WWW.NETWORKCOMPUTING.CO.UK/REGISTER<br />
WWW.NETWORKCOMPUTING.CO.UK @NCMagAndAwards<br />
MARCH/APRIL 2017 NETWORKcomputing 3