Ostrich Security: Peter Jopling Offers Jousting Tips at the RANT Forum

Sometimes it feels like you’re on a hiding to nothing when you’re an information-security professional. You were hired to protect your business’s most critical digital assets – source code to proprietary software; confidential details of planned deals or mergers; customer billing information; and so on – and you’ve designed the system you feel is required. Yet not only is there now a block being put on the funds you need to build it, somewhere above you on the corporate ladder there’s resistance to your ideas about staff training and the need to explain why security is important to everyone in the enterprise. At this stage, just about the only things you can be certain of are that you’ve done the absolute best you can, yet the security system you’ve designed still isn’t effective; and if hackers gain access to any of that vital data, you are damned sure that, during the blame game that will follow, all fingers will be pointing in your direction.

It’s a problem that Peter Jopling has seen before, and – refreshingly – the 25-year veteran of the cyber-security business has a few ideas about how his fellow professionals can maybe start to help put it right. He’ll be offering a few thoughts on this during his presentation to this month’s RANT Forum in London, and will also be asking another pressing question: why, given the almost daily parade of multinational companies announcing damaging data-loss incidents, is this still a conversation we need to be having in 2014?

“My RANT is really about trying to understand the reasons businesses are struggling with security issues around how they’re managing their people, their data, and understanding what’s happening within their infrastructures,” Jopling, IBM’s Chief Technology Officer and Software Security Executive for the UK and Ireland, tells the Acumin Blog. “You go to any organisation and they’ve got lots of physical security, such as identity cards and restricted access. But actually, with regards to the actual data itself, many organisations are unsure about how they actually secure their infrastructures.”

Part of this will be down to the attitude of key staff, and another part may be more to do with misconceptions around data security. These, though, are more often issues to do with an individual’s perception; when it comes to institutional thinking, Jopling will argue that the misunderstandings are more fundamental.

“I’m going to talk about what some IBM research has found in terms of how big the problem is and what the types of attacks are – and then talk about why businesses struggle to address this issue around their users,” he says. “There can be a lack of understanding around user identity, and what those users are doing with the data, and how they are accessing it. Then I’ll discuss the difficulties around addressing anomaly and behavioural analysis, and the lack of forensic capability.”

The problem will be all too familiar to many regular RANT-ers. But surely, after all the recent high-profile hacks, this penny is starting to drop in the boardrooms of the continent’s biggest businesses?

“It is, but it’s a very, very slow change,” Jopling cautions. “We’re seeing a more positive stance, but even at senior level there can be a lack of understanding of what the issues are, how dynamic or invasive the attacks can be, and how readily available the technology is to carry them out. The issue can be not knowing where to start, and the problem seeming far too big to tackle. That’s an ostrich mentality.”

So, how can security professionals convince recalcitrant or poorly informed boardrooms to invest sufficient resources? Jopling believes that, while the security arguments may fall on uncomprehending ears, an argument based on the business case is more likely to succeed.

“It’s a different discussion these days,” he argues. “It’s not as much around, ‘We need some money to mitigate against a threat’; it’s actually, ‘If we put in a robust security policy we can actually take cost out of the business.’ If we have a security middleware layer that arbitrates between what the user’s trying to do and the data, we don’t need to reinvent the security wheel every time we build an application or service. So you can massively reduce cost, and increase your security in doing so.”

For more on how to get your board’s heads out of the sand, and of course the usual mix of banter, bonhomie and beer, come along to our tried-and-tested City of London location on Wednesday (June 25), and get ready to learn the art of corporate spin. Doors open at 5:30pm, with the presentation at around 6:30. Food and drink are free, but prior registration is a must. Please contact Donna Wreathall at Acumin on dwreathall@acumin.co.uk or 0207-987-3838 to reserve your place; spaces are limited with demand running particularly high following the second RANT Conference, so do please get in touch as soon as possible.

 
