Technology Reseller - Autumn 2016 - page 37

technologyreseller.co.uk
VOX POP
Rocco Donnino, Executive Vice President, Corporate Development, AppRiver
“Unfortunately, solutions providers,
resellers/VARs, IT departments and end
users all bear blame when it comes to
data breaches if they are not following best
practices of ‘defence in depth’ through
a layered approach of security solutions
and network/end user education. Cyber
criminals do not focus on one area of the
network, but multiple areas of vulnerability
and user groups. These are predators that
use sophisticated tools and patience to
prey on weak links and poor user habits
within an organisation. Security ISVs must
provide global threat intelligence and
defence in depth security and productivity
services to their solutions providers and
other downstream partners, in conjunction
with best practice certifications, ‘follow
the sun’ 24-hour technical support and
ongoing education for their end-users.”
Paul Calatayud, CTO, FireMon
“Blame may not be the best approach to the
situation; perhaps a better question is to
ask who should be held most accountable.
As someone with prior military experience,
who has done a lot of research on
leadership, I would say the CEO, board
and CISO of the impacted organisation
all hold accountability. But when it comes
to introducing risk to an organisation, I
would say most responsibility lies with
the end user. Four years’ worth of breach
and data forensics show me that end
users play an absolutely critical role in
defining and influencing overall risk in
an organisation. This often comes from
unintentional actions, such as clicking on
an email, downloading what they thought
was a trusted application, leaving their
laptop in a car to be stolen, or being
tricked into believing the email they are
reading is from a trusted source like their
CEO. Accountability and leadership play a
big role in educating and establishing a
culture that will ultimately determine the
likelihood of a breach.”
Part II
What more could/should the IT channel
be doing to make customers take data
security seriously?
Roy Duckles, Vice President of Business Development, Positive Technologies
“The whole concept of IT Security is based
on the principle of Insecurity – if you don’t
buy this you will be breached. It is no
use just adding more components and
complexity to an IT Security infrastructure.
Selling more firewalls etc. will not fix
customers’ problems. Health checks, such
as audits and penetration tests, should
be offered to check the security position
of any business and to find the gaps and
vulnerabilities before the hackers do.
“The need to apply good IT security
practices and design should be the
value-add that the IT Channel presents to
its customers through training, seminars
and joint discussions. Unfortunately, many
IT Channel partners see a breach as an
opportunity simply to sell more IT security
products and services, which is the last
thing a customer wants to hear when their
Brand, Reputation and Integrity are lying
in pieces around their feet. Promoting how
they will be there to help when help’s what’s
needed most would be more valuable.”
Richard Stiennon, Chief Strategy Officer, Blancco Technology Group
“The IT channel has a major role to play
in educating customers about data
security and raising awareness of the
major security risks that aren’t being
adequately addressed. They’re the ones
who speak directly to end-users when
new technologies are integrated into the
business and who are often responsible
for decommissioning end-of-life assets.
The IT channel has a golden opportunity
to introduce best practice security
measures at the point when IT structures
and processes are still flexible enough
to change. This is especially important
in workplaces where BYOD is prevalent
among employees.
“They should encourage their
customers to follow relevant guidelines
set by the International Organisation for
Standardisation (ISO), such as ISO/IEC
27001, which includes guidelines for
secure asset disposal and data erasure,
and ISO/IEC 27018, which is a code
of practice for protection of personally
identifiable information (PII) in public
clouds acting as PII processors.”
Andrew Bushby, UK Director, Fidelis Cybersecurity
“The IT channel has a
responsibility to educate
customers and make them
aware of the true value of
cybersecurity. Indeed, there
is too much focus on the
fines laid out by the General
Data Protection Regulation
(GDPR) and not enough on
the value to the business
of good cybersecurity. The
maximum fine may change with GDPR,
but the biggest cost for companies is still
the effect a breach has on reputation and
profitability – i.e. TalkTalk’s £400,000 fine
for the breach versus the loss of 101,000
customers and £60 million. The simplest
piece of advice is for the channel to get
organisations to look at the value of the
data they are protecting.”
Steve Nice, Security Technologist, Node4
“The IT channel should be providing better
education and guidance around security
best practices in order to make customers
take data security seriously. IT security
should be second nature, like locking
your front door when you leave the house.
The channel could offer master classes/
workshops to show customers how easy
it is to extract data. Our managed security
service clients tell us that we are identifying
threats they didn’t even know existed. By
arming them with the threat intelligence
they need, we are creating an opportunity
Continued...