Cisco: IT Struggling to Cope With Internal Security
Too many IT managers are mired in minutiae, fixing small holes while failing to see the big issues, Cisco said today.
Insider threats might seem to be the most difficult to defend against. The issue has certainly been in the news, with an energy company and the U.S. State Department being recent high-profile victims.
"There are three reasons why this problem is getting worse," Patrick Peterson, Cisco fellow and chief security officer, told InternetNews.com. "The first is the economy. Many employees are acting out of desperation. The second is that the employer-employee relationship has changed, and people are now more willing to screw their employer and not think twice. The third is globalization and outsourcing."
Peterson said that businesses have to identify risks and apply policies to specific job functions and lines of business. "The business cannot have a one-size-fits-all policy," he said. "We have previously emphasized the need to know your risk (less so in this report).
"It's surprising how many businesses don't focus on knowing their risk, and don't have a strategy to minimize it," he said, and admitted that the fact that security policies are often driven by compliance rather than by risk management is a huge factor.
Peterson explained that this means they have to solve issues as they crop up. Nobody should be working now on an issue that was identified two years ago, but in the real world, many are.
"CSOs need to show leadership and take a look at real world risk issues," he said. He noted that often in a specific vertical, such as financial services, companies will fix a problem when one of their competitors makes headlines because of it. Peterson said that when that happens, they should also try to figure out why they had not identified the problem before they read about it in the news.
Read the rest at InternetNews.com.