False Sense Of Security
It's been fast moving since my trip to RSA Security event in San Fran. Much of my travels have been conducting security presentations to companies of all sizes. What amazes me is the fact that we have CIO's and CxO's out there that feel good about the security or lack thereof they have in their networks.
I am finding that CIO's are relaxed because they passed the regulatory tests or gained certification with a product or technology that barely provides the protection they need for today's and possibly tomorrow's threats.
They "Think" they are smarter than the hackers. Believe me when I tell you this but a lot of hackers can run circles around most CIO's and security guys that I have met.
My point that I am trying to raise and I might not be to clear is that you can't be comfortable with your network security JUST because you passed an audit. You need to put you heart behind it and really think about how secure you really are. What's protecting you, firewalls? Good luck with that these days. A cheap, low end UTM device? Good luck with that also. The story goes and it works; "You get what you paid for". If you went cheap on security, that's about the level of protection you are going to be getting.
I tell companies all the time. If you have never been breached, brace yourself, you are about to. If you think you would know if you have been breached, think again. I've met many companies that have told me they have NEVER been breached. When I work with them and start to place good security technology into their network, Like an IPS, and it starts to discover all the bad stuff running around its network, they freak out! Can you stop that from happening? Well yes I can. Then sweat turns to fear and that's when they know something bad has been happening all along on their networks without them ever knowing it.
I understand it is difficult to convince CIO's and CxO levels about the threats that lurk in networks and this is where you need to turn to help. I am available to help you through all this since I have the background and experiences to share. Drop me a line and let's see how I may be of service to you. kenpappas@comcast.net
I am finding that CIO's are relaxed because they passed the regulatory tests or gained certification with a product or technology that barely provides the protection they need for today's and possibly tomorrow's threats.
They "Think" they are smarter than the hackers. Believe me when I tell you this but a lot of hackers can run circles around most CIO's and security guys that I have met.
My point that I am trying to raise and I might not be to clear is that you can't be comfortable with your network security JUST because you passed an audit. You need to put you heart behind it and really think about how secure you really are. What's protecting you, firewalls? Good luck with that these days. A cheap, low end UTM device? Good luck with that also. The story goes and it works; "You get what you paid for". If you went cheap on security, that's about the level of protection you are going to be getting.
I tell companies all the time. If you have never been breached, brace yourself, you are about to. If you think you would know if you have been breached, think again. I've met many companies that have told me they have NEVER been breached. When I work with them and start to place good security technology into their network, Like an IPS, and it starts to discover all the bad stuff running around its network, they freak out! Can you stop that from happening? Well yes I can. Then sweat turns to fear and that's when they know something bad has been happening all along on their networks without them ever knowing it.
I understand it is difficult to convince CIO's and CxO levels about the threats that lurk in networks and this is where you need to turn to help. I am available to help you through all this since I have the background and experiences to share. Drop me a line and let's see how I may be of service to you. kenpappas@comcast.net
posted by Ken Pappas, President at
4:49 PM
0 Comments
