Archives for category: itsecurityguru.org

On 1st October we’re going to get the cyber-security community together to host a flashmob picnic fest in the park, in Trinity Square Gardens, by the Tower of London, to make people aware of Security Serious Week and European Cyber-Security Awareness month. The idea would be to get the security industry, CISOs, academics, lawyers and law enforcement to offer their one liner golden tips on what they believe you should do to be “security serious”! Our sponsor Canon will then blow it up onto a canvas alongside your logo, with the intention of creating a massive human collage for a photocall with the press. It would take less than an hour and everyone would be rewarded with a little picnic bag – just like you used to enjoy as a kid. It would not only be a great awareness event but a fun networking event. If you’re keen to submit your one liner (no more than 10 words) on what you think people should do to be more secure then submit it to beth@securityserious.com by 1st September. This is a totally free opportunity to get the industry together, no strings, no catches!

We will then have your tip blown up alongside your logo waiting for you in the park at 12.30 on 1st October at Trinity Square Gardens, right beside Tower Hill Tube Station.

Please spread the word via #SecSeriousFest

RAINBOW

Do you remember the day when you got your dream car? How much fun you had driving around in it! Then, slowly, the feeling started to wear off and you wanted something shinier, faster and smarter! In fact, if you’re in sales, you’ll know that feeling you get when you are chasing the next big deal: you get a huge kick when you bag it, but it only lasts a while before you’re after the next deal.

 

Well PR is a bit like that too, where you are constantly striving for, and demanding, the next big piece of coverage – the big national, TV or radio placement!  The pot of gold at the end of the rainbow! No longer are we just happy with getting into the trade publications; we don’t feel like we’ve achieved true greatness unless we get into the nationals.

 

It’s an addiction! An obsession! And we suffer from it here at Eskenzi! What’s even worse, our clients also suffer from it. It’s totally contagious, chasing the next big story for that fantastic fix. You get it once and you want more and more!

 

The funny thing is that most of our clients come to us very disheartened about PR. They’ve often been let down by their PR agencies, and don’t really believe that they can get great press coverage day in and day out!  So, when they initially start with Eskenzi PR, they are delighted when they get into the likes of SC Magazine, Infosecurity, TechWeek Europe, ComputerWorld and Computer Weekly.  But then they want more! They start loving the idea that they’re seeing hits to their website going up day by day and then peaking when they get a great piece published.  Then they get into the likes of The Register, V3 or TechCrunch and still want more! Their sales teams start congratulating the marketing and PR teams, which we all know is virtually unknown for sales to do, because when they turn up at meetings prospective customers have heard their company name and are happy to talk to them.  They see the power of PR.

 

Then the icing on the cake happens. We get them a hit in the FT – the golden chalice! Everyone jumps for joy! They send out emails to the company and their customers, and go home feeling proud that they’ve done a great day’s work! It’s just the best feeling in the world – a buzz that nothing can compare to! Then they want even more, we want more and so it happens. The next week’s coverage is just ten nice hits in the trades, but they want the nationals. In fact, they want TV. And we then have to remind them that PR is all about peaks and troughs – good, constant, regular coverage in the tech press is just as important as the giant-circulation nationals!

 

Thankfully, at Eskenzi we can provide balance at the same time as maintaining our clients’ need for the big high! Maybe that’s why our clients stay with us for an average of seven years.

 

This week alone, we got three clients mentioned in the FT, three different ones mentioned in the Guardian and The Times, and ITV are doing a programme with one of our clients next week. That is all on top of 330 pieces of coverage this week in the trades (and we’re talking The Register, Huffington Post, BBC.)

 

This week is no different to any other – I’d actually say it’s been quite a quiet one, as some weeks we can get 120 hits in one day! I hope, though, that we never get tired of the kick we get for our clients, nor should our clients ever get blasé with the coverage – we love it, we’re proud of it and I know they are too! Who’d have ever thought that IT security PR would be such fun and keep providing the constant buzz it does?!

get-it

It’s a funny one this subject about IT security – it always comes back to the users – without us there wouldn’t be any security issues! And without us we wouldn’t need security experts to keep us in check!  We need them and they need us – right!

Every year we organise the IT Security Analyst & CISO Forum, which is a wonderful opportunity to get raw and heartfelt insight into how the CISOs are feeling – what they are seeing, what’s troubling them and what they’re doing to find sensible solutions around the problems they’re facing. I felt hugely buoyant after this year’s gathering of CISOs; they really seem on top of what’s going on! They were openly collaborating and helping one another – they understand they’ve got huge security issues – but there’s nothing out there that they can’t cope with. Calm is afoot.

What hit me the most was the realization that users are useless when it comes to security – we the users just don’t care – if it’s in our way we’ll get around it – so there was a consensus in the room that “we need to move away from a No to a KNOW mentality” – because it just ain’t working! So you can’t try and block users from trying to do their jobs, but find the tools to make sure you are on top of what they’re doing with the information.

Oh dear, but then that’s not all that easy, is it, because the 2 next biggest bug-bears that the CISOs discussed were Shadow IT and privileged user management – that’s top of mind at the moment.

Shadow IT was a real first for me, what I mean is the term (sorry, I’m a bit behind with the lingo these days). They were all harping on about this being a really big problem – that’s us people yet again in PR and marketing, sales and management – we keep downloading these wonderful sharing apps that make everything so simple for our wee non-IT brains – you just download the app and hey presto, we can all share spreadsheets and contacts etc amongst our colleagues quickly and efficiently. Quickly and efficiently was never really in the security programmer’s DNA, which is why we always come to an impasse with the security folks. The likes of Google sharing apps, DropBox, Box etc are causing a real pain in the backside for security – secure data is being shared outside the organisation willy nilly – but the good news is that these bright young CISOs are onto us – they know what we’re up to and are now learning how to discover, monitor and remediate us where necessary. At least with the coolest tools out there, they can keep the auditors happy and show they’re doing their best to meet the demands of the compliance chaps!

So we can keep working away with our apps because the IT security folks realise they’re onto a road to nowhere – so instead of fighting it and saying NO they’re moving to a culture of KNOW instead.

So the other problem they really started to sit up and talk passionately about was the thorny problem of managing privileged users. Hmmm, it’s the human factor yet again! The typical scenario went as follows: one person is given access to the sensitive stuff, they then share it with a colleague when they go on holiday, a consultant comes on board and they then get given access, the original person is promoted into another department or leaves, they hand over access to another new person but still retain access to the original information even though they no longer need it, and so on. One CISO from a major bank who shared his angst found his sentiments were mirrored by most of the other CISOs around the table – “Companies grow very quickly and you get lots of changes so we try to conduct regular privileged access account reviews, but I have to admit it’s one of the biggest problems we have not yet solved.”

It’s the thorny old problem – if you don’t drill into your staff that the data is a major asset of the company and it needs to be respected and dealt with responsibly then it won’t be respected.

Back to good old user security awareness and best practices then! You train your staff and they’ll be your biggest allies – get their trust, get them to take on a bit of the responsibility for security – and you’ll go a long way to solving the problem. That’s the conclusion I came to after listening to these savvy and very switched on CISOs. The reason they were so chilled was that they’ve learnt that security is a really big problem and it’s us users who are their biggest problem – but these guys have a strong handle on what’s going on; they’re getting to grips with user awareness and responsibility! They all admitted that it helps that over the last year the boards are giving them more air time, at least 15 minutes every 6 months! It means more so than ever they have the ear of the board, who are giving them the responsibility, time and money to focus on putting security where it needs to go. For more on what the CISOs talked about at the Eskenzi IT Security Analyst & CISO Forum, read Ron Condon’s blog at http://www.itsecurityguru.org