Not only does this present challenges to those security professionals charged with guarding corporate networks against attacks, but it presents opportunities as well to make a difference in their enterprises.
This was the groundwork laid out by noted security expert Howard Schmidt in his keynote address to start off the CISO Executive Summit last week in Orlando, Fla., a daylong series of presentations and panels preceding InfoSec World.
“Technology has been great for us,” the (ISC)2 security strategist and former White House cybersecurity adviser told the approximately 50 IT executives at the meeting. “But what could someone do against it? What's coming next? We don't know. If we knew we could do a better job preparing."
One priority he pointed out was to stop bugs in software and firmware: “We've got the tools now to find vulnerabilities,” he said.
In advising the audience on how best to make a difference in today's environment, he said that data is gold today.
“Pull people around the table who own the data,” he said. The message that must be conveyed: “This is not the time to cut back on security.”
To achieve this, the key challenge for IT security staff is to get their colleagues to understand the risk environment.
“You have to understand the business to understand the risk," he said. "There needs to be full alignment between business needs when doing risk assessment."
Bring plans up to date and focus on a long-term strategy, he added.
“Guide the discussion about solving technology and long-term expectations.”
And by all means, become familiar with all the latest gizmos and technology offerings being used in the corporation. To illustrate his point, Schmidt explained that when security colleagues expressed incredulity at his creating a Facebook page, concerned about the privacy implications, Schmidt answered, “If we're not using it, how are we going to understand it?”