Security spoke to Kimber Goerres, Security Systems Integration & Project Management Lead at Sony Electronics, who has served diligently in her role, ensuring the company’s error or down rate is nominal and establishing the technical security requirements for Sony offices globally. Here, Goerres speaks about her role, establishing technical security requirements and ensuring improved security levels through risk, vulnerability and audit assessments.
In the past, passwords were the key to accessing systems and platforms, and they held much value as a security measure for businesses. But over time, the threat landscape has evolved, and weaknesses have been discovered in standard encryption methods that have diminished the password’s value.
In a sense, it is understandable why so much business and consumer coverage of tech security is driven by the latest high-profile breach. After all, good security that works and prevents malware and ransomware attacks does not generate headlines. However, to those of us active in information archiving and cloud security and who understand the blessings and dangers of Software-as-a-Service (SaaS) in the cloud, for example, it sure is maddening.
While many organizations may realize they can’t entirely eliminate cyber risk, they still need to quantify their security efforts and set thresholds to show whether they’re trending positively or introducing more risk. The right metrics help to shed light on a company’s current security posture and, more importantly, where it might have gaps, shortcomings, or areas to prioritize for future improvement.
Software as a service (SaaS) has taken over, and the average enterprise now uses hundreds of unique SaaS applications to accelerate their digital transformation and business velocity. However, while SaaS has fulfilled its growth-enabling potential, most organizations have lost their grip on its consumption and use. IT and security teams can no longer depend on network or endpoint controls to govern application access.
With more than a hundred continuous integration and continuous deployment (CI/CD) tools to choose from and hundreds of plugins and services connected to those tools, no wonder security teams have a hard time grasping the amount of information and security requirements of these environments.
The cybersecurity industry is in the midst of a skills crisis. With a cyberattack occurring approximately every 39 seconds, every business needs a well-trained staff to protect it. How can the void be filled? Artificial intelligence (AI). It’s one of the best hopes for the industry and has the potential to ease the pressures of the security skills shortage.
It’s important that businesses understand that DDoS attacks aren’t just a blip on the radar; if not handled properly, they can be devastating to the long-term prospects of a business.
While it’s true that ethics and conduct are matters under the control of humans, financial companies and other entities also have ethical responsibilities, typically enshrined into a corporate code of conduct. When corporate principles aren’t adhered to, and unethical behavior becomes the norm, disaster can ensue.
RSS
