In 2015, It’s All about the Data

T. Casey Fleming, CEO, BLACKOPS Partners Corporation
Eric Qualkenbush, Board of Directors, BLACKOPS Partners Corporation

United States Cybersecurity Magazine | www.uscybersecurity.net

A New World

2014 taught us that massive security breaches are the new normal for U.S. companies, government
agencies, and universities. Some of the most prominent were Target, Home Depot, Neiman
Marcus, Apple's iCloud, Michaels, the U.S. Postal Service, the IRS, Community Health
Services, UPS, Staples, the State Department, Sands Casinos, USIS, eBay, PF Chang’s, JP
Morgan Chase, and, to sum up the year, Sony Pictures. The sobering reality is that it is
now no longer a matter of if but when and how often that we’re going to be breached. In
2014, we witnessed CEOs being fired, CIOs let go, boards of directors personally sued,
and company data stolen or sabotaged on a grand scale. What will the extent of the damage
be to our company, shareholders, and customers? What are the bad actors really after?

Holy Grail

Innovation is the primary engine that has driven the U.S. economy over the past 100 years.
Our innovation has evolved over decades of extensive and compounded investment in trade
secrets, technology, and processes, including personally identifiable information (PII). Today,
companies have untold trillions of dollars invested in U.S. innovation. It is precisely our
innovation that is of superior value to data thieves. An estimated $500 billion is stolen
from U.S. companies and the U.S. economy each year. It is much faster, cheaper, and more
effective for bad actors to steal our innovations than to make their own investments in dollars,
people, and time. Nearly all of our innovation is converted and stored electronically as data.

80/20 Rule

A more frightening fact is that most of the breaches reported in 2014 were from retailers - which
account for only 20 percent of breaches. Publicly held companies are required to report all
breaches and that is especially true for retailers when it involves consumer PII. Conversely,
80 percent of (non-retailer) companies either choose not to report the breach due to a
potential stock hit or, worse, don’t know that they have been breached. Innovation and
trade secrets are more nebulous than PII and therefore more difficult to protect and notice
when breached or stolen. This fact is sobering.

Perimeter

The data protection strategy on which most companies focus today is defending the
“perimeter” or “castle walls.” This strategy has evolved over the past two decades with a
collage of products to address an array of security issues. By definition, individual products
have inherent limitations and quickly become obsolete. When mapping numerous vendors’
products together into a security solution, gaps in coverage appear. These gaps are further
widened by the assault on access points by smartphones, apps, and pervasive free Wi-Fi. In
2014, we became painfully aware that the perimeter strategy is no longer effective.

Hybrid

Today, security strategies must quickly evolve into a hybrid model that critically focuses
on the data itself. Data must be classified as to its importance, with emphasis placed on
carefully controlling and vetting access all the way through the supply chain. A hybrid
model must also address all aspects of the human element, including insider threats,
external spies, disgruntled, separated, or careless employees, contractors, and suppliers.

Get Engaged

A vacuum exists in nearly every company between the tactical and strategic views of information
security. Those career-focused employees who take the initiative to take personal ownership
of the 360-degree view will become indispensable to their company executives and fellow
employees. Employees who become experts in both perimeter and hybrid data-centric
models of defense and the current intelligence that drives them can expect to advance
rapidly as they fill important gaps in their companies. There are also opportunities
for C-level executives to engage their boards of directors in providing relevant
intelligence and solutions.

All Hands

Data and information security is the responsibility of every employee, executive, board
member, contractor, and supplier. Each individual must be trained and certified each year
with the latest intelligence-driven and research-based tools. Training raises the awareness
level among all employees to maintain a higher level of data security for the protection
of everyone’s jobs. Awareness creates and maintains vigilance. Data security is everyone’s
responsibility, because stolen data may mean lost jobs.

About the Authors

T. Casey Fleming serves as Chairman and
Chief Executive Officer of BLACKOPS Partners
Corporation, the leading management advisors
of America’s elite executive thought leaders from
intelligence, technology, federal law enforcement,
information security, and management consulting.
Mr. Fleming is a leading expert in the advanced
protection of innovation, trade secrets, and competitive
advantage for Fortune 500 companies, U.S. government agencies,
universities, and research facilities. Mr. Fleming is a former
innovative information security and management consulting
executive who created organizations for Good Technology,
Deloitte Consulting, and IBM Global Services.

Eric L. Qualkenbush is a member of the Board of Directors of
BLACKOPS Partners Corporation. Eric is a former intelligence
community senior executive with extensive experience leading large
multicultural organizations through transformational change. He is an
innovator who has created organizations and programs that deal with
the worldwide proliferation of weapons of mass destruction, insider
threat, and competitive intelligence. During his CIA career, Eric led
the CIA’s principal training organization and the office that created
and managed cover arrangements for all CIA personnel and others in
the US government. Eric also managed undercover CIA operations in
five overseas offices. Eric has done pioneering work on mitigating the
threats from insiders in private and public organizations.
BLACKOPS It's All About the Data Spring2015
