Key 3: More management buy-in on security posture
Concerns about security are moving up the corporate ladder as the war for data continues. C-level executives are now joining IT staff in participating in the development of strategic measures. By implementing business-wide policies and monitoring tools, IT is able to gather and communicate detailed information about the corporate risk profile to management, enabling them to make informed decisions regarding the overall direction of the organization’s security.
One of the biggest changes is that, rather than maintaining a static security posture and simply hoping for the best, businesses are learning to be proactive in anticipating potential security problems. They are regularly reassessing their current risk profile in light of the current threat environment, in order to be prepared as changes take place in the threat landscape.
An evolving threat landscape requires that businesses implement an evolving protection landscape, otherwise, security posture is compromised.
In the end, the cyberthreat environment — although constantly evolving — has maintained a similar MO for many years. There are good guys and bad guys, and it’s largely their methods that change. While it may seem like an arms race that the criminals will inevitably win, the fact is the vast majority of attacks are unsuccessful.
For example, in 2011 Symantec blocked an average of 7.5 million malicious files each month, preventing an untold amount of potential attacks. However, these customer-saves tend to be overshadowed by the relatively few successful attacks that dominate the media coverage.
Simply put, organizations are becoming more savvy in defending themselves, implementing security strategies that combine traditional security measures such as antivirus software with emerging technologies like reputation-based security and intrusion prevention systems (IPS).
So while businesses need to remain on guard and not bury their head in the sand, the fight against cyberattacks is not in vain. The simple truth is that we are, in fact, winning the war against cybercrime.
Blake McConnell runs product management for Symantec’s core security offerings, which spans endpoint security, server security, messaging security, and Web security. Blake has been with Symantec for more than eight years and previously ran product management for Symantec’s SMB Security Solutions. At Symantec, Blake has also led strategic operations for Symantec’s Information Risk Management business unit and led the strategic go-to-market effort for Symantec’s Security and Data Management Group. In addition, Blake has held positions in strategic alliances and business development, covering global accounts such as IBM, Intel, AMD and Dell. Prior to joining the technology industry, Blake worked as an investment banker for Donaldson, Lufkin & Jenrette. Blake has an MBA from Kellogg and an undergraduate degree in Mathematics from Vanderbilt University.