Cybersecurity advice to live and work by

This blog post is part of our Essential Guide: An IT security strategy guide for CIOs

The news that internet company Yahoo had information stolen on a half billion accounts in 2014 is further proof of this simple truth: Hacks are widespread and increasingly spectacular.

To counter the escalating and ominous threat of costly data breaches, companies need strong defenses in place, said former CISO and independent consultant Candy Alexander. She picked the brains of four cybersecurity experts at a panel discussion in Boston this month.

The talk, sponsored by Women in Technology International, focused on steps companies need to take to protect against hackers. The panelists left the small audience with these nuggets of cybersecurity advice:

Look at people, process and technology. Patty Patria, CIO at Becker College, in Worcester, Mass., stressed this trio of focus areas. Employees need to be trained on cybersecurity practices, processes need to be in place to determine what the most sensitive data is and a variety of tools need to be assessed and acquired. And someone needs to orchestrate it all.

Patty Patria (left), CIO at Becker College, speaks on a recent cybersecurity panel in Boston. Fellow panelist Janet Levesque, CISO at RSA, looks on.

“If you don’t have somebody on your staff who has the expertise in understanding how to do those assessments and look at people, process and technology, go hire somebody to do that.”

Make cybersecurity everyone’s business. Janet Levesque, CISO at security company RSA, said organizations need to help their employees understand that cybercriminals pose a threat not only to the company but also to them and to their families. As part of an awareness campaign this year, RSA plans to ask all its employees to talk to one family member about safely navigating the internet, Levesque said.

“If they understand security awareness at that level, then they translate those personal actions into their professional behavior.”

SnoopWall CEO Gary Miliefsky (left) speaks at a discussion on cybersecurity best practices in Boston while Janet Levesque, CISO at RSA, listens.

Assume you’ve been hacked. That’s because you might have, said Gary Miliefsky. The CEO at SnoopWall, which sells data breach technology, said many companies don’t find out that their computer systems have been infiltrated for months. The cure, he said, is to look beyond prescribed technology like antivirus software and shop for tools that go after those who want in. One example is a honeypot, a decoy system that tricks hackers into thinking they’ve found the real thing.

“Antivirus can’t solve all your problems because it’s reactive technology,” Miliefsky said.

Michelle Drolet, CEO at Towerwall, gave cybersecurity advice at a recent discussion in Boston. On the left is SnoopWall CEO Gary Miliefsky.

Be strategic. Michelle Drolet, CEO at data security company Towerwall, said companies need “an overarching security policy” that covers components such as user awareness and responsibilities, vulnerability management — which identifies and addresses flaws in hardware or software — and cybersecurity tools.

“Building a solid information security program strategically for your organization is like building a house,” Drolet said. “You need that foundation.”

To get more cybersecurity advice, read the SearchCIO report on Women in Technology International’s recent panel discussion.

1 comment

The vSphere 5.0 beta included APIs to verify the Hypervisor integrity (using a TPM) module. This was used, e.g., by Trend Micro's Deep Security. Unfortunately this was pulled in the final vSphere 5.0 release. However it seems it will be available again in vSphere 5.1. This could help the CSP to at least detect some changes/attacks on the hypervisor - whether and how this information is given to tenants is a different story.

Another topic is the security of the data (volume) itself: One option is encryption (which is nothing new in itself) with a disjoint key management. This can either be achieved by using cumuls4j for PaaS offerings or (for IaaS offerings and even physical servers) using Trend Micro's SecureCloud.