Author: Minda Zetlin / Source: enterprisersproject.com
Most large companies have spent decades under-spending on information and cybersecurity, says David Foote, partner and chief analyst at the research and analysis firm Foote Partners. That fact, combined with the skills shortage for cybersecurity experts, can create some real vulnerabilities for both large and small organizations.
In part one of a three-part interview, Foote described how the IT talent shortage can hamper digital transformation, and how smart companies are planning ahead and developing internal talent for future needs. In part two, he explained how the rise of the Internet of Things will create crippling shortages in some key areas, and what to do now to prepare for it. In part three, he takes a look at cybersecurity and how to handle the skills gap in that area.
Foote: Let’s begin by being clear on the difference between information security and cybersecurity. Information security is about creating a perimeter around your network. But it’s not unusual now to discover that if you’re breached, intruders have been inside your system for two years.
You can put all your effort into your perimeter but it will still be pretty porous. People are starting to realize that the bad guys seem to be almost at will going into systems, such as Russians hacking the Democratic National Committee. You cannot stop hackers and hacktivists. You can reduce intrusions, but you can’t completely stop them.
The question is not only how do you keep people from getting in, but once they’re in, what did they take, what’s the root cause of the intrusion, and how do we prevent it next time? For that, you need cybersecurity. One of the big differences between the two is that cybersecurity requires a different understanding of compliance with things like HIPAA and the Gramm-Leach-Bliley Act, and SOX. You have to understand what assets you have – it’s called valuation of asset inventory – see what it’s worth and what would happen if it were stolen.
TEP: What are some of the factors that make companies especially vulnerable these days?
Foote: There have always been lots of information security people around, but companies weren’t hiring them. If you were a CEO and someone came to you at budget time and said, “We can launch a new product and make $20 million in the next 18 months, but we’ll need $10 million to produce the product,” and the CISO came to you and said, “We…