Our pal Eddie Schwartz was appointed CSO of RSA earlier this week, probably with a major role in the mothership (EMC). The Tweeter has exploded with congratulations, as well as the warnings on the difficulty of the task, given the various footwear that will inevitably continue to drop resulting from the breach of April. Believe me, Lockheed and L-3 are at the tip of the iceberg.
Also think about Sony, which had been submitted to a continuous pirate maimed loves them which we had not seen before. The sad story is documented in real time at attrition.org. Shit, they even did have Sony a verb (sownage). Which is never good. Sony has recently appointed fellow to resolve, and he faces the same challenge: Eddie. How you drive consistent awareness and behavior change to protect the information in an organization of tens of thousands of people?
You had better have a plan and not in the short term. There is no quick fix for a situation like this.
Why can not Sony and EMC simply write some checks and resolve? Would that be nice? But as my father-in-law said, "If this is a problem you can solve with money, it is not a problem." Guess what? It is a problem. SHRDLU recent missive really illuminates problems to everyone to March for exactly the same drum. As she said, it takes a lot of time (think years, not months) to the effect that the level of change.
As if it were the only issue with these guys, the situation would be manageable. Kind of. Unfortunately it is not so simple, because we live in a world in the short term, and two of them should play find droppings, - I want to say, an assessment of the risks, understand where reside other soft targets. Then, they need to monitor these resources and watch carefully for signs of attack. Like sharks smell blood, it will not take long before the next wave of starving attackers surrounded the trucks, that happens now with Sony. It is the plan in the short term.
But we know that short term is a fun way to consume all resources, forever. You know, life is a series of fires in the short term which must be addressed. Long-term plans never mature (and often are not yet be made). It is what separates the organizations that recovery of breaches of those who do. Art is to pay attention in the short term without losing sight of long-term goals.
Yeah more, easily said than done. Sony, RSA/EMC, Epsilon, Lockheed and all other organizations present in the cycle 24/7 media have an excellent opportunity to take advantage of their pain in the short term to implement the structural changes in the long term. They will do? I have no idea, but we know enough early by keeping an eye on the first page. The media are like that.
-Rothman (0) Mike comments
0 comment:
Post a Comment