Dan Lohrmann Calls Upon Enterprises for Risk Assessment


Before GISEC 2015 unfolds, one of the event's leading speakers, Dan Lohrmann, engaged in a Twitter conversation about information security challenges. As Michigan's Chief Security Officer (CSO) and Deputy Director for Cybersecurity and Infrastructure Protection, Dan led all aspects of cybersecurity, physical security, department emergency management and critical infrastructure protection within state government until he rejoined the private sector in August 2014. Known for his refreshingly practical commentary on technology and his advice on computer security and ethics for home and work, Dan has a reputation for opening eyes with his cybersecurity stories.

“Right now the bad guys are ahead of the good guys. I think the good guys will eventually catch-up, but it will take time.”
Daniel J. Lohrmann, Chief Strategist and Chief Security Officer, Security Mentor; former CSO, State of Michigan

What are the top 5 security trends that are likely to impact the Middle East?

Security issues with the cloud, mobile, big data, internet of things (IoT) and critical infrastructure protection.

In your view, which industry in this region is most exposed to security vulnerabilities?

No one industry is most vulnerable. Banking is a big target, but so is oil and gas.

You have been recognized time and again for your skills as CSO; what’s your best tip for CSOs worldwide?

Build trusted relationships with the business. For further tips, see "Why security pros fail (and what to do about it)".

Many enterprises still don't have both a CIO and a CISO; many manage with only one of the two. Do you think that can be a problem?

To some extent yes. You need someone who is accountable and has the resources to get the job done right.

Who is responsible for the security of the data we host in the cloud? Are there strict norms governing it?

The data owner will always answer to their customers. Again, you can outsource the function, but not the responsibility.

You are a seasoned CSO; have you seen enterprise security trends change over your career?

Absolutely. The CISO has moved up the org chart, and the role is getting more attention. Also, more threats and risks.

What is the weakest link in cybersecurity?

No doubt the human end user…

So what makes end users the weak link: complacency or ignorance?

A bit of both…

Smartphones are not safe, but they can't be done away with either. So, is there a plausible solution?

Enterprises need to have mobile device management (MDM) and security processes and procedures that are enforced. MDM is certainly not perfect, but it can lower mobile risk tremendously.

Not all data breaches are equally severe. Do we have a scale to judge how bad a breach is?

No scale today, but I think we need a cyber breach Richter scale. For more details, you may refer to "Do data breaches need a Richter scale?" [Breach-tor Scale, maybe?]

Is social media the new gateway to cyber terrorism?

Yes – it is one of the gateways.

Is there still no way to stop cybercrime before it actually hits enterprises?

No single way. It takes great people, processes and technology. It is also a 7×24 challenge…

Is it really okay to trust an enterprise’s security to a third party service provider?

A good lawyer answer: "It depends…" You need to know who you are dealing with. Background checks. Trust but verify. Also remember that you can outsource the functions, but never outsource the risk and your company or government reputation.

Is the cyber threat landscape of MEA any different from that of other regions?

Every region has its own unique challenges, but overall it is very similar around the globe. The Internet has few borders.

Most cyber attacks hardly originate from very rich countries; how is it that we still aren't able to outwit the attackers with our knowledge and resources?

I don't think we have put a high enough priority on the problem. The awareness is improving – still not where it should be.

Should cyber insurance be made compulsory? What’s your take?

Not today, but mandatory cyber insurance may be coming. The industry must evolve first and agree to better standards.

Why does it always turn out that in cybersecurity the bad guys are smarter than the good ones?

Great question. The bad guys only need to be right once right now, and we are outgunned at the moment. More time and money.

What’s the best tip for enterprise security now?

A good risk assessment of your enterprise.

What is the biggest worry you see CISOs grappling with globally?

Moving forward, the explosion of mobile devices flowing into the Internet of Things (IoT).

Antivirus, firewalls: nothing is losing its value. Is security only ever going to grow more complicated? Is there no simpler way out?

Great point! It seems likely right now. And yet, the new products just keep coming, don't they? Right now the bad guys are ahead of the good guys. I think the good guys will eventually catch up, but it will take time.

Is BYOD the new WiFi?

Absolutely – you read my blogs, thank you! Here's why.

Dan will be back for another round of Twitter engagement on 23rd April 2015.

Meet Dan at the GISEC Conference on 27 April at his keynote titled: “CISO 2020: Are you ready to be the guardian of your state?” To learn more, download the GISEC Conference Agenda