Day: May 4, 2016

ISACA Now recently interviewed David Rowan, editor of WIRED magazine and keynote speaker atEuroCACS 2016. He discussed the future of audit, governance and risk management, as well as what can be done to stop cybercriminals once and for all.

ISACA Now: What are some of the changes/innovations audit, governance and risk management professionals should expect in the next 5-10 years?
Rowan:  We are in a networked world of ever increasing transparency, as well as increasing vulnerability to data breaches. Starting with transparency, the recent breaches of client confidentiality over Panamanian accounts, and the Snowden disclosures before that, are a stark reminder that every professional’s decisions could tomorrow be scrutinized on the front page of the New York Times. If you’re an auditor or a risk management professional, are you comfortable with your advice, your private emails, your entire work life being exposed to the twittersphere? I hope so. At the same time, we’ll find foreign states and criminal gangs investing ever greater efforts in breaching supposedly secure corporate networks to transfer funds or steal proprietary data. How well defended are you against these real and growing risks? Is your CEO taking personal responsibility?

ISACA Now:  Will the technology of cybersecurity ever catch up to or surpass the technology used by cybercriminals?
Rowan:  The single biggest worry I have today is our growing reliance on networked connections to keep our economy moving—the satellites empowering communications, the servers running our utilities, the corporate decisions being made on supposedly safe internal networks. The bad guys are terrific innovators; they understand psychology as well as technology, so whether they’re spoofing the GPS signal of a satellite to put it out of orbit or hijacking your home computer with ransomware, they’re delivering nicely rising profits at our expense. I’m not sure we’ve seen the political will or the corporate education to confront these criminals with well-resourced defense systems that can scale and can keep up with the bad guys’ rate of innovation. They, after all, have a great incentive:  you used to rob a bank because that was where the money was; today the money is all over the network.

ISACA Now:  You’ve interviewed many global influencers over the years. What key characteristics have allowed them to be so influential? Any examples?
Rowan:  When it comes to entrepreneurs who really build something huge—the Facebooks, the WhatsApps, the Kickstarters—there tend to be a few common characteristics in many cases. Often they are motivated to solve a big problem, something that really makes a difference and not simply make money. That motivation keeps them going through the tough bits. They’re often very resilient personalities who don’t take it personally when things go wrong, so they can get up and push past the problem. They’re often outsiders in some way who don’t see the rules other people rely on:  maybe they had dyslexia at school, or were immigrants who didn’t easily fit in, or were misfits in some other way. They have tremendous self-belief, which lets them motivate their teams as well as attract investors and the media. And often I’ve found they had difficult relationships with their father—I can’t prove this scientifically, but perhaps it’s something that leads them to be driven beyond reason to prove themselves…

ISACA Now:  You will be speaking at the EuroCACS conference 30 May-1 June 2016 in Dublin. Give us a brief preview of what you’ll discuss and what attendees will take away.
Rowan:  My life is spent travelling to meet the start-ups transforming industries and the investors betting big on them, as well as the research labs designing the way we will interact in the future with technology. So I’ll translate what I’m seeing in real fast-growth businesses to how it will impact successful existing businesses in the next five years—and how consumer behavior is being transformed by everything from mobile screens to virtual-reality headsets. The bottom line is the world will never move this slowly again, as exponential technologies create massive new opportunities to build businesses that could never have existed a couple of years ago. So there’s a risk that delegates will go back to the office with a rather big to-do list of urgent things they need to do to become as innovative as the start-ups…

David Rowan, Editor, WIRED

[ISACA Now Blog]

If you’re among the 28 percent of enterprises that still haven’t implemented a planned endpoint backup system, here are 5 key attributes to look for in a system, to help drive adoption and success. These recommendations are courtesy of Laura DuBois, program vice president at IDC, a global market intelligence provider with 1,500 highly mobile, knowledge-driven employees:

1. Supports Productivity
Look for a lightweight system that doesn’t put a drag on memory, so employees can access data and collaborate quickly. If the system slows people down, they won’t use it.

2. Increases Security
While some people think of endpoint backup primarily for disaster recovery, you should think of it as a data loss prevention tool, too. A good endpoint backup system offers a multi-layered security model that includes transmission security, account security, password security, encryption security (both in transit and at rest) and secure messaging.

3. Offers Intuitive Self-Service
Employees don’t want to wait for IT to recapture lost data. Having an easy-to-use, self-service interface allows employees to locate and retrieve their own data. Not only does this help increase adoption, it also cuts down on calls to the IT Help Desk to save administrative time and money. A survey of Code42 customers found that 36 percent had fewer restore support tickets after installing the CrashPlan endpoint backup system, and 49 percent reduced IT hours spent on data restores.

In fact, for CISOs looking to make the case for an endpoint backup system, DuBois suggests compiling Help Desk volume data and the productivity associated with it.

4. Supports Heterogeneity
DuBois’ research showed that the average corporate employee uses 2.5 devices for work, some company issued and some not. Your endpoint backup system has to accommodate today’s diversity in devices, platforms and network connectivity.

5. Handles the Added Traffic
Some endpoint backup systems can get bogged down with lots of users and not enough network bandwidth. Look for a system that backups up almost continuously, so the processing is spread out vs. taxing the system all at once and slowing it down.

To learn more, see DuBois’ webinar, “5 Expert Tips to Drive User Adoption in Endpoint Backup Deployments.”

Susan Richardson, Manager/Content Strategy, Code42

[Cloud Security Alliance Research News]