Blog

Tag: PwC

Cyber Security Takes Center Stage at Stevens Institute Of TechnologyFasoo and the New Jersey Technology Council sponsored “Closing the Threat Gap: Executive Perspectives on the Cybersecurity Landscape” at the Stevens Institute Of Technology in Hoboken, New Jersey on October 26, 2016.  The event featured cyber security leaders discussing the effects of internal and external threats to businesses.  There was a great turnout with some existing Fasoo customers, executives, attorneys, risk officers, CISOs, IT and security professionals from numerous organizations in the greater NY area.  Common feedback from the event was an appreciation for understanding the larger cyber security landscape and how everything from drones to DDOS attacks can affect their companies and personal lives.

Dr. Larry Ponemon, Chairman of the Ponemon Institute, was the first keynote speaker. He talked about the increased threat landscape and how trusted insiders are fast becoming one of the main threats to organizations.  Citing from the recent study “Risky Business: How Company Insiders Put High Value Information at Risk“, he emphasized how ill prepared many companies are to detect and prevent data breaches from trusted insiders with over 70 percent of companies not confident they can manage and control employee access to confidential files.  Dr. Ponemon also talked about results from “The Rise of Nation State Attacks” citing organizations’ lack of readiness to respond to nation state attacks due to an uncertainty as to what a nation state attack is and how to identify the key characteristics, methods and motives of these attacks.

Mark Lobel, US and Global TICE Cybersecurity Leader at PwC focused his keynote on results of the recent PwC “Global State of Information Security Survey 2017”.  Mark mentioned that spending on security is increasing in most organizations and many are realizing that they have to concede the perimeter.  With increasing threats and the landscape constantly shifting to include IoT devices and greater mobility of the workforce, the need for better threat intelligence, monitoring and protection of high value assets is greater than ever.  We still need perimeter security, but companies need to focus on preventing the exfiltration of sensitive information from either hackers or insiders through sophisticated means.  Mark used the analogy of cyber security being like a game of chess with the kings removed. You can never win and it’s a constant battle to keep ahead of the exploits and vulnerabilities.

A panel discussion moderated by Dr. Paul Rohmeyer, Associate PFasoo dinner with Dr. Larry Ponemon and Dr. Paul Rohmeyerrofessor Information Security Management, and Risk Assessment at Stevens, discussed recent cyber security events and some major trends going forward.  The panel consisted of Mark Lobel, Dr. Larry Ponemon, Michael Frank, President at Secure Business Strategies, and Mike Miracle, an executive at BlackRidge Technology. There was a lively discussion of the recent DDOS attack that crippled major websites, like Netflix and Twitter.  This lead to audience interaction as the panel and audience members discussed who is responsible for security related to a product. Should the manufacturer build security into the product or is it the responsibility of the organization implementing the product to ensure the network and access to the product and it’s data is secure?  Or in the case of DDOS is it up to the telecoms to block that traffic?

In the case of IoT devices, like those used for the DDOS attack, the consensus was the manufacturer needs to build security in, but in many cases there are no standards or certifications available to ensure security.  One panelist mentioned wanting something similar to the Underwriters Labs (UL) mark to ensure safety and security.  There were discussions about the increasing sophistication of attacks from hackers and how best to prevent taking down your systems or more commonly stop someone from stealing your most sensitive information.  It is most important to secure the data so that if it gets into the wrong hands, it is protected.

There was one question from the audience about legal responsibility when organizations share information on attacks with the goal of improving their security. The guidelines of what to share and how are still being developed and debated.  Numerous Information Sharing and Analysis Organizations (ISAO) do exist, but the sharing of attack and vulnerability information is still a work in progress. It may make sense technically to share, but if you are sharing sensitive data with a competitor that might potentially use it against you, you are less likely to share it.

There was also a lot of discussion on how process and policy needs to go hand in hand with technology. While the goal is to simplify security so that the user is unaware of it, the reality is that policy and process are needed to guide technology. I can have the best technology, but if it’s not used properly and people ignore security basics, they will ultimately get in trouble.  Organizations need a combination of good policy, process and technology.  While the goal is to improve our machine learning capabilities to take the human out of the cyber security decision tree, people are still at the heart of the problem and solution.

Fasoo sponsors Cybersecurity event at the Stevens Institute in Hobeken, NJFasoo, in partnership with the National Cyber Security Alliance, New Jersey Technology Council and Stevens Institute of Technology is hosting “Closing the Threat Gap: Executive Perspectives on the Cybersecurity Landscape” featuring Dr. Larry Ponemon, Chairman of the Ponemon Institute, and Mark Lobel, US and Global TICE Cybersecurity Leader at PwC.  The event is at the Babbio Center, Stevens Institute of Technology in Hoboken, New Jersey on October 26, 2016 from 3:30 – 6:00 p.m.

The two keynotes will focus on the most pressing security issues facing organizations today. Dr. Larry Ponemon will review three of 2016’s highest rated studies focusing on cyber security and how organizations can best position themselves to protect sensitive information.  Mark Lobel will present the finding of PwC’s “Global State of Information Security Survey 2017,” that was released on October 5th. The keynotes will be followed by a panel discussion monitored by Dr. Paul Rohmeyer, Associate Professor Information Security Management, and Risk Assessment at Stevens Institute of Technology.

While the event is open to the public, seating is limited and requires registration. For more information on the event and to register:https://www.stevens.edu/school-business/cyberevent#registration

Fasoo Digital Intelligence 2016Fasoo successfully held its biggest event of the year, Fasoo Digital Intelligence 2016, on April 7, 2016 at the Ritz Carlton Hotel in Seoul, South Korea.  Over 500 attendees, including customers and the media, saw how Fasoo can help organizations enhance productivity and security when creating and sharing business information.  The theme of the event was Lead Digital as Fasoo showed how best to provide intelligence into an ever growing digital world.

During the day, Fasoo shared recent global security trends and provided an overview of new and updated solutions that focus on increasing and improving productivity and security.  Dr. Kyugon Cho, CEO of Fasoo, said, “When we make software that focuses on only security or productivity, neither is satisfied.  We must consider the current digital environment and security when it comes to developing software to include both productivity and security in our software at the very beginning.  This will be Fasoo’s core philosophy in doing business.”

Marcus von Engel, a PwC Partner, delivered a keynote address that focused on global security trends and how organizations need to become cyber resilient in these days of escalating dangers from insider threats and external threat actors.  Ron Arden, Vice President of Fasoo, Inc., shared recent success stories of Fasoo activities in North America.

Fasoo Digital Intelligence 2016 Is A Big HitA key focus of Fasoo’s strategy is the Fasoo Data Security Framework, a core set of intelligent security solutions to help organizations discover, classify, protect and manage unstructured data both inside and outside of a business.  Fasoo presented and demonstrated the framework and some use cases that showed how using data-centric security with people-centric policies provides persistent protection to sensitive data as you share it throughout your organization and with business partners.

Presenters showed new functionality of Wrapsody, a digital document platform which creates a more intelligent work environment.  Product management showcased capabilities that recommend related documents based on the analysis of usage data and achieve insight into work management based on usage logs.  This helps organizations understand how people are using documents and what interrelations those documents have with others used within the same or different departments.

Also during the event, DigitalPage announced the addition of some new functions such as dynamic view, ‘leaving your footprint’, and automatic page formation, which all leads to increasing productivity.  If you haven’t tried it, click here to see how to simplify your digital life.

Fasoo introduced a distinctive solution named Analytic DID, which strives to secure personal information using big data and is designed to target the big data analytics market.  The project is being developed in cooperation with leading big data experts and helps de-identify information as organizations analyze market data in numerous industries, such as healthcare and financial services.

All in all, it was a very successful day as customers saw the latest solutions to help them become more productive and share information securely as the digital worlds of business and consumer continue to blur.

Protect Against R&D Data TheftRecently I was in a meeting with a global pharmaceutical client in New Jersey who told me of the importance they place on their highly secure, centrally managed and monitored persistent security platform to protect against data theft and ensure that their valuable R&D information cannot be lost or inadvertently sent to a competitor.

As the meeting ended, I was informed of the news about the charges brought against five people in the Untied States around trade secret theft inside another global pharmaceutical company. Allegedly a senior level manager at the company was involved in this theft.

Given the global state of business competition, there is a special appeal to the cyber thugs with high-priced or high-demand items. There is an alarming interest in stealing intellectual property, trade secrets and exactly how these items are produced.

A recent Verizon Data Breach Report 2015 identified Manufacturing as the most commonly attacked industry sector for cyber espionage.

Another recent worldwide study by consulting firm PwC and CIO and CSO magazines, “The Global State of Information Security Survey 2016”, provides some alarming indicators of the security threat landscape:

  • Theft of “hard” intellectual property increased 56% in 2015
  • Employees remain the most cited source of compromise
  • Incidents attributed to partners climbed 22%

It is time that organizations with high value data shift their security focus from the perimeter to insider threats to lock down R&D data, intellectual property and trade secrets. Today technology advancements afford a variety of methods for an employee, contractor or a partner to take critical data electronically from an organization. There are many ways for a trusted insider to steal or inadvertently share sensitive data – printing paper documents, copying files to hard drives, downloading information onto a CD or a USB memory stick, and screen captures are a few such methods as examples.

When we add mobility adoption in the workforce and how this adds to the complexity of securing high value data, this task seems almost insurmountable. Targeting and protecting critical value data ensures that a company maintains its intellectual property, R&D work and its competitive edge in the market.

Protecting this data need not be such a daunting task. A data-centric persistent security approach can effectively help you protect and lock down your data.

Categories
Book a meeting