By Dr. Guy Bunker @guybunker
I spoke at it-sa yesterday. The title of my talk was about stealing back critical information from cyber-attackers. However, it was really about the fact that nobody likes to buy insurance.
We all have to buy insurance, for the car and for the house and perhaps for other things like the central heating boiler. But we don’t like to do it. For the car, its compulsory, but for other items it really is at your own discretion. Is the cost of the insurance worth the risk you take should something go wrong? And therein lies the challenge... it’s about the risk of something happening. We don’t like insurance as it is only useful, should something go wrong.
Cyber-security solutions are, in general, the same... you buy anti-virus software to prevent you from being infected from a virus. But... you may never come across a virus – so is it worth it? The answer is ‘yes’, because there is a reasonably high probability that you might. However, what about Data Loss Prevention (DLP) solutions, these are there to prevent the good stuff (your information) from getting outside your organization. For many, they (still) don’t think this will happen to them – despite the statistics and the constant news stories. DLP also gets a bad reputation for various solutions which have been too expensive to run, with false positives hindering business – rather than helping it.
So, the statistics around losing data are pretty scary, with 80+% of organizations having a security incident in the past year – and nearly 90% of those were human error. So, in this case the insurance is not for the external threat – but for the internal one.
I covered this aspect of security solutions – no longer about insurance from the outside in, but to offer everyday value by protecting against the inadvertent inside-out threat. As for stealing back the data... well, contact me and learn more @guybunker!