IDG Connect – Does the CISO role need to be formalised?

Jason Hart, CTO of Gemalto, is on a mission. He wants to formalise the role of CISO. “If I want to be a CFO I need various qualifications,” he explains over the phone. “If I want to be a CISO that isn’t the case.” He believes the role of CISO should be formalised – like an accountant – with mandatory regulations and training. “This doesn’t need to be complicated,” he stresses. “The simpler it is the better.”

The position of CISO is a difficult one though. The business importance of this individual has changed rapidly over the last few years and some see the position as a classic short-term fall guy – ready to be fired with the first breach. Hart says to do the job well you need someone geeky, good with people and good with business processes. “The dynamics of a CEO, if you like.”

“I was an ethical hacker,” he adds, “and every successful breach came down to understanding the business process and understanding the level of risk.” He believes this means that while being technically savvy is a useful skill for CISOs to have, the most important thing is to understand business processes. “If you come from a non-technical background [you might be better at] engaging the board members.”

It is the fluidity that comes with the role, however, that many individuals see as a challenge to regulation. Ian Pratt, Co-founder and President of Bromium, tells me, when I meet him in London, that he thinks “as an industry we’re too early for this”.

“A lot of policy is wrong,” he says, offering the example that 95% of contracts specifically state you must run anti-virus on every machine.


IDG Connect – What will the ‘mega security breach’ of the future look like?

Security is an area that just keeps gaining prominence. The breaches keep hitting the headlines. And it is pretty clear that a horrific attack – one that most people simply can’t imagine yet – is on the horizon. It is not always helpful to focus on the negative, though with security it can be hard not to, and looking at the worst-case scenario might at least help us confront what we could be up against.

At a December roundtable in London, Jason Hart, CTO of Gemalto, highlighted the rise of integrity-based attacks. These see attackers manipulating company data for their own benefit rather than simply stealing it. He believes that this will hit business reputations very hard and that over the next 12 to 18 months [since December] at least one UK firm will fold because of it.

IDG Connect – What will be the single biggest security threat of 2017?

At the very end of 2015 we ran a straw poll of individuals in the security space to determine what the single biggest security threat of 2016 would be. We divided the 74 “unstructured” comments into a number of loose sections, with “people” emerging as the most popular response.

“Hackers will no longer simply be stealing data, but instead aim to gain unauthorised access to manipulate vital data – which businesses will make important decisions on – for a number of ulterior motives, such as financial or reputational.”

Jason Hart, CTO Data Protection at Gemalto