CIO magazine has posted the latest Deloitte paper “Cyber crime: a clear and present danger”.
They look at the latest trends and recommend three security practices:
- Recognize that the threat from cyber crime to data is real
- Use a risk based approach to get the most benefit/return from security spending
- Use centralized management to get a high-level view
Clearly this is not rocket science. Could there ever be a survey that does not produce these three recommendations? What has changed with “cyber crime” versus any other attack name/vector/title? They are sound practices, but do not seem linked to any specific trend or development that is distinct from past threats. In fact, they also conclude with “We do not suggest that cyber security professionals consider a change in focus and additional duties lightly.” Sound advice and I really do not see much change here.
I will be presenting next Tuesday at the RSA conference on the Top Ten Breaches. I will give a high-level view, analysis of trends and then specific steps to mitigate the current threats. The objective is to give information that is not just general advice but actionable and targeted.
Hope to see you there.