CISO Shares Strategies For Surviving The Inevitability Of Attacks

  /     /     /  
Publicated : 22/11/2024   Category : security


CISO Shares Strategies For Surviving The Inevitability Of Attacks


Loop in application, network teams to help spot threats and attacks before they do harm



NEW YORK, N.Y. -- Interop New York 2013 -- Chief information security officer Jay Leek says todays reality that you cant stop all cyberattacks means security teams must double down on smarter detection of threats and attacks rather than the traditional approach of mainly trying to prevent them.
Leek, who is the CISO at financial services and asset management firm Blackstone, says the more you know about your attackers and their M.O., the better chance you have in thwarting any real damage. That entails three main mindset and strategic shifts that security pros need to make, he says, to handle threats and attacks today: better visibility into threats and attacks, better intelligence about them, and a planned response rather than merely reacting to the latest threat, vulnerability, or incident.
The reality is that bad guys have much more time on their hands than we do, says Leek, who gave a presentation from the CISOs perspective here at Interop yesterday. If youre focused on prevention and not much on detection, you are flying blind sometimes because you dont necessarily know where youre headed.
Blackstone is adopting what John Pironti, president of IP Architects, says is a prime example of a risk-based model for security -- one where security pros serve as advisers to the business on the real risks facing their firms, rather than as the naysayers they sometimes appear to the business side.
Security is the output of what the business risk profile defines, Pironti says.
Meanwhile, Leek estimates that most organizations spend about 70 percent of their capital, resources, and processes on prevention, but that model is no longer viable in todays threat landscape. Our programs, generally speaking, largely reflect the vendor landscape of mainly prevention-based tools, he says. Why is this? Because its sexier to sell prevention, he says.
Security teams need to change up their strategy, he says.

Last News

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
CISO Shares Strategies For Surviving The Inevitability Of Attacks