New Articles

The Best Weapon Against Cyber Threats Is Not Better Tech – It’s People

The Best Weapon Against Cyber Threats Is Not Better Tech – It’s People

When a company’s computers are hacked, management’s first impulses often are to invest in better software, better virus protection packages, better computers or even entire networks.

But they may be putting the emphasis in the wrong place.

“The problem’s root cause is usually not the technology, but people,” says J. Eduardo Campos, co-founder with his wife, Erica, of Embedded-Knowledge Inc. (www.eecampos.com) and co-author with her of From Problem Solving to Solution Design: Turning Ideas into Actions.

Campos, who worked as Chief Information Security Officer (CISO) in large international corporations, says “organizations that take a simplistic approach, assuming “computer hacks are an IT department’s problem” are headed for trouble. “Cybersecurity is everyone’s job,” he cautions.

For lasting results, Campos harnesses the power of solution design techniques to develop cybersecurity systems and protocols, based on the I.D.E.A.S. framework, outlined in his book:

Identify: Get to the root cause of the problem. Step back, take a breath, and assess the situation, so that you will ensure you are treating not just the symptoms.

Design To avoid security breaches, take time to determine the options that can be used to address all the problems related to these issues.

Engage. Confirm that everybody who is impacted by a new cybersecurity program or effort is on board with the changes before they are implemented.

Act. Implement mandatory training for all employees to explain the common ways hackers enter the system, including how phishing works.

Sustain. Design metrics to keep cybersecurity policies in place and implement an easily accessible system for employees to identify and report incidents.

“The company that truly engages all of its employees, suppliers, vendors and other stakeholders to be knowledgeable and aware of basic cybersecurity protocols,” Campos says, “will have a much better chance of countering criminals.”

 

About J. Eduardo and Erica Campos

Eduardo Campos and Erica W. Campos are co-authors of From Problem Solving to Solution Design: Turning Ideas into Actions. They have a combined tenure of over fifty years solving complex problems for global organizations. J. Eduardo is an expert in strategic, human-centric solution design with a background in cybersecurity and business development. He has worked on four continents, tackling intercultural and multinational problems, and spent the last 13 years at Microsoft, first as a cybersecurity advisor, then leading innovative projects at the highest levels of government in the U.S. and abroad. His consulting firm, Embedded-Knowledge Inc. (www.http://www.eecampos.com), works with organizations and entrepreneurs to develop customized business strategies and to form partnerships focused on designing creative solutions to complex problems.

 

IBM Opens New Security Center in Costa Rica

Heredia, Costa Rica – IBM recently celebrated its 10 year anniversary in Costa Rica with the opening of its latest Security Operations Center (SOC).

Through an initial investment that includes infrastructure and education, the center will allow IBM to address the growing security needs of its clients in the region.

With this new center, the first in Costa Rica, IBM adds to the existing services offered in the country including cloud, business analytics, project management, human resources, financial services and more.

Open 24 hours a day, seven days a week, the security center of operations team will monitor the latest security events experienced by IBM clients, assess their potential impact on the business and ensure that IBM clients’ infrastructure is configured to handle the latest threats.

As a result of this analysis, IBM “will help to protect people, data, applications, transactions and the infrastructure for all businesses in the region,” the company said.

Since IBM opened its Costa Rica operations, the company has created a number of new jobs and development opportunities for employees while helping build low income family housing.

The company has also introduced several educational initiatives, providing student scholarships through a program sponsored by Costa Rican Investment Promotion Agency (CINDE), university courses focused on key subjects like security and cloud computing, and reading companion software for 12 educational centers that are designed to help citizens improve knowledge of the English language.

IBM has the world’s largest security services practice, with more than 6,000 skilled security services professionals, all of who have a unique handle on the “threat landscape.”

Through this latest facility and its 10 SOCs located in the US, Poland, Japan, Brazil, Belgium, India and Australia, IBM manages and monitors 15 billion security events every day for more than 4,000 clients.

07/08/2014

US Retailers “Overconfident” on Cyber Security Issues

Portland, OR – US retail firms are confident in their ability to quickly detect data breaches, despite industry research to the contrary, according to a recent survey conducted by Dimensional Research and Oregon-based security management firm Tripwire.

When asked how quickly their organizations would detect a breach, 42 percent said it would take 48 hours, 18 percent said it would take 72 hours, and 11 percent said it would take a week, the survey said.

While 35 percent of respondents were “very confident” and 47 percent were “somewhat confident” that their security controls could detect rogue applications, most breaches go undiscovered for weeks, months or even longer, the research found.

The 2014 Trustwave Global Security Report reveals that the retail sector is the top target for cyber criminals, comprising 35 percent of the attacks studied with an average 229 days taken to detect a security breach.

The report also states that the number of firms that detected their own breaches dropped from 37 percent in 2012 to 33 percent in 2013. Some 85 percent of point-of-sale intrusions took weeks to discover, and 43 percent of web application attacks took months to detect.

The survey evaluated the attitudes of 154 retail organizations on a variety of cyber security topics.

“I always say that trust is not a control, and hope is not a strategy,” said Dwayne Melancon, chief technology officer for Tripwire. “Unfortunately, this data suggests that a lot of retailers are far too hopeful about their own cyber security capabilities.

Despite “ample historical evidence that most breaches go undiscovered for months,” he said, “There is clearly a significant disconnect between perception and reality, even though the repercussions for failing to meet the required level of rigor around cyber security has led to the recent removal of retail executives and board members.”

The survey also found that 70 percent of respondents said that the recent, nationally-reported Target security breach has affected the level of attention executives give to security in their organizations and that 26 percent of respondents don’t evaluate the security of business partners, such as HVAC contractors who were implicated in the Target breach.

07/03/2014