Looking Forward, Not Back: Rik Ferguson on Rethinking Data Security at the RANT Forum

Looking Forward, Not Back: Rik Ferguson on Rethinking Data Security at the RANT Forum

Being an information-security professional is a bit like being a goalkeeper in a football team: you can play a blinder all day but if you make just one mistake and your team concedes a goal, that’s all that anyone will remember. If your job is to defend your network from a vast array of threats, it will be expected that you’ll succeed most of the time – but the CEO probably won’t even know your name until that dread day when something gets through your defences.

And yet, as Rik Ferguson will show at this month’s RANT Forum event in London, it doesn’t have to be this way. Ferguson, vice-president of security research at Trend Micro and one of the UK’s foremost experts in information security, will argue that too much of the design and planning of security strategies is rooted in dated thinking; and that if businesses can’t stop pretending that attacks are inevitable, they’re never going to be able to give their infosec teams the equipment they need to properly secure their data.

“The traditional assumption behind security-architecture design and management is, ‘I will stop the attacker from getting into my systems and onto my network’, but that assumption is no longer valid,” Ferguson tells the Acumin Blog. “You have to accept the fact that if an attacker wants to get into your network he will get into your network: so you have to build your security based on the assumption that breach will happen, and your goal should be to discover that it’s happened as soon as possible and to get the right kind of intelligence to allow you to contain it and mitigate it in the shortest possible time.”

The reason the old thinking persists is rooted in the way security is structured and designed. The problem, Ferguson argues, is less about anticipating adversaries’ actions than it is about getting your own house in order.

“The way in which we approach enterprise architecture, from design through implementation and management, hasn’t really evolved over time – but the attackers’ techniques and methodologies have,” he says. “That should have led to a consequent change in the way that businesses do security, but we continue to focus on technologies in isolation. The firewall management team will manage the firewall; maybe the endpoint security management team will do the anit-virus; maybe you’ve got a separate intrusion-prevention team – but the extra intelligence, and thus security, that could be gained by bringing the management of those together is lost. And when it comes to picking up targeted attacks, that’s really the only way to do it.”

At November’s RANT Forum, attendees will learn something of the nature of the problem, and perhaps get some tips on how to respond. If nothing else, Ferguson promises they will leave with a few questions they can take back to the office.

“I’m going to offer up some examples of exactly what kind of attacks and breaches I’m talking about, to clarify that people actually understand what the threat landscape is today,” he says. “I’m going to talk about the differences in approach that that kind of attack necessitates. And I will at least leave the audience with a series of questions they should be asking themselves and their teams and their management that will enable them to build more effective, more chronologically forward-facing security.”

This is a chance to hear from one of the pre-eminent voices in the infosec world, and discuss the issues with him and other attendees in the industry’s liveliest debating forum. Join us at The Counting House, 50 Cornhill, London, EC3V 3PD, from 5:30pm on Wednesday November 27. Please apply for your place by contacting Gemma Paterson at Acumin on either +44 (0)20 7510 9041 or gpaterson@acumin.co.uk

 

 

Our accreditations & Partners

  • REC Member
  • VTC - Virtual Technology Cluster
  • RANT Events
  • Bloom Nepro
  • YPO
  • Crown Commerical Service
  • Disability Confident
  • ISO 9001
  • Armed Force Covenant
  • Cyber Essentials Plus
  • ISO 27001

Thanks

Success

Thanks

Success

Thank you for signing up to the acumin alerts.

Send CV

Send us your CV and have our recruiters match you to the ideal opportunities

Do you already have an account with us?

Log in

Want to have an account with us?

Register

Want to just send us your CV?

Upload only doc, docx, odt, pdf format file.

By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.

Password reset

If you need a reminder for your password, fill out the field below

Log in

Access your account to edit your contact details, job alerts or to upload a new CV

Thank you

Success

Thank you for successfully uploading your CV.

Acumin Alerts

Success

Thanks for registering for Acumin alerts.

Acumin Alerts

Unfortunately your CV could not be uploaded

Please make sure your CV is one of the following file types: doc, docx, odt, pdf, rtf

Acumin Spam

Unfortunately your submission has been declared spam. Please try again.

Vacancy

Success

Thank you for submitting your vacancy.

Register

Create an account to register your contact details, sign up for job alerts and upload your CV

Success

Thanks for registering for Acumin alerts. To get the most out of Acumin's service why not register with us?

Upload only doc, docx, odt, pdf format file.
- Practitioner
- Commercial

I agree to the terms and conditions and to be contacted by recruiters:

I agree to receive marketing communications relevant to my job search:

I agree to receive Jobs By Email for the following professions:
- Business Continuity Management
- Counter Fraud
- Cyber Security
- Executive Management
- Governance & Compliance
- Information Security & Risk Management
- Penetration Testing & Digital Forensics
- Sales and Marketing
- Sales Engineering
- Security Management
- Technical Security
- Information/Risk Assurance
- Identity Management
- Application Security
- Security Architecture
- Dev/Sec Ops
- DV & SC Cleared Jobs
- Programme & Project Management
- CISO/CSO

Submit a Vacancy

Use the form below to submit a vacancy