Data Security

Human Element Overlooked in Security, HP Expert Says

Human Element Overlooked in Security, HP Expert Says
February 28, 2014 11:30AM

Bookmark and Share
Based on assessments of 96 companies globally, HP found that most spent 86 percent of their security budget trying to block threats at the infiltration stage. Meanwhile, personnel had a minimalistic "check box" approach toward security practices and policies. Rather than chase "silver bullets," companies must invest in "people, process and technology."

Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.

Want to protect your data and make your enterprise more secure? Invest more in human resources than in technology, think like the bad guys, and redefine success in the war against cybercrime. That's some of the advice shared this week at the RSA Security Conference by Art Gilliland, Hewlett-Packard's senior VP for Software Enterprise Security Products.

Gilliland told some of the 25,000 attendees at the RSA conference in San Francisco's Moscone Center that his company's research shows that too many businesses rely excessively on software and hardware to protect their systems. Meanwhile, they skimp on safe practices by smart managers.

"We are over-invested in product," he said.

Rather than chase "silver bullets," he said, companies must invest in a trifecta of "people, process and technology." Companies that did so have seen 21 percent better returns on their investment and saved an average $4 million more than other companies.

Invest In Compliance

Based on assessments of 96 companies globally, HP found that most spent 86 percent of their security budget trying to block threats at the infiltration stage. Meanwhile, personnel had a minimalistic "check box" approach toward security practices and policies.

"Almost a quarter of the people implementing this strategy failed to meet the minimum security standards they set for themselves," he said. "They are aspiring toward the low bar of compliance. And, 30 percent failed to even meet compliance."

The war against hackers might seem like a lost cause since spending on defensive measures last year went up 20 percent, while damage from cyber criminals increased 30 percent, Gilliland said.

But he countered that the good guys and bad guys are held to different standards.

"There is a structural imbalance in our industry," said Gilliland in his address, which was recorded for viewing on RSA's Web site. "For us to define success, we need to be right every time, we need to be perfect. For the adversary to define success, he only has to be right one time." Give up looking at the war as a zero sum game, he said, because companies block the vast majority of threats.

Understand Your Enemy

Gilliland also said it is important to realize that criminals use the same methods and processes as anyone else to do their work. Only their motivation is different. So it's crucial to understand how their marketplace looks and works.

He detailed the layers of the "attack lifecycle," beginning with those who research and profile networks and systems, then put out feelers to sell that profile to someone else. The next person buys those profiles and uses them "either to understand what kind of toolkits to build or to trick us to break into the network through a bunch of access points," Gilliland said. Those access points can then be mapped and sold to someone else.

In the final step, the hacker accesses information, either to steal or destroy it. He noted that the data security industry spent $46 billion last year to protect itself from the rising level of threats.

Those threats made this year's RSA Conference the biggest in its 21-year history in terms of participants, exhibitors and speakers.

"Data security has been a prevalent theme this year," said John Shier, a security adviser with Sophos, in an e-mail from the conference. "The combination of the NSA revelations [about monitoring civilians] and the data breaches has meant that more people are looking for ways to protect their data, regardless of whether it's the supposed 'good guys' or the crooks that are trying to get their hands on it."

Tell Us What You Think
Comment:

Name:



 Data Security
1. Juniper DDoS for High-IQ Networks
2. Google Hacker Team to Hunt Bugs
3. Cloud Firms Offer Azure Starter Kit
4. FBI Cyber-Expert's Humble Start
5. Chinese Hackers Hit U.S. Officials




 Most Popular Articles
1. Review: Warming Up to Tablets with Keyboard Covers
2. Android SMS Worm Lets Bad Actors Cash In
3. Aerohive Helps Retailers Engage In-Store Customers
4. Google I/O Conference Brings a Lot for Businesses
5. Bezos: Amazon's Fire Phone Offers 'Something Different'


Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports

  Lenovo Still in Small Windows Tablets
  Schools Buy Million Chromebooks in Q2
  'TV Anywhere' Solutions from Sling
  Mobile Apps Offer Last-Minute Deals
  Nokia X Phones Had Identity Crisis

 Technology Marketplace
Big Data
Unlock your enterprise data's potential. Learn how in the research report.
Are you getting everything you can out of your business data?
 
Business Intelligence
Get real-time, cloud-based information services with Neustar.
 
CIO Issues
Secure and retain skilled technology professionals. Learn how.
 
Cloud Computing
Are you getting everything you can out of your business data?
 
Data Storage
Unlock your enterprise data's potential. Learn how in the research report.
 
Enterprise Hardware
Protect your network with APC Smart-UPS battery backup
Cisco UCS Invicta Series flash memory systems
 
Enterprise I.T.
Register for an upcoming ISACA® certification exam today
Secure and retain skilled technology professionals. Learn how.
 
Enterprise Software
Unlock your enterprise data's potential. Learn how in the research report.
 
Hardware
Protect your network with APC Smart-UPS battery backup
Ferocious productivity. A fearless team of pros. Find Out More
Cisco UCS Invicta Series flash memory systems
 
Network Security
Protect your network with APC Smart-UPS battery backup
 
Small Business
Ferocious productivity. A fearless team of pros. Find Out More