Many enterprises believe that they have done everything right, yet they are still hacked. What more needs to be done to protect against data breaches? Where are the security shortcomings?
It is all about changing the current security mindset, says Zulfikar Ramzan, chief technology officer at RSA. "Security practitioners need to eliminate the perimeter and adopt a prevention mindset to establish the security maturity of the organization in dealing with cyber-threats," he says. "Learning to distinguish between an intrusion and breach and working out ways to respond to breaches are critical."
It also is a matter of re-thinking how security spending is allocated.
Currently, most enterprises split their budgets 15 percent for monitoring, 5 percent for response and 80 percent for prevention, and this needs to change, Ramzan says.
He recommends that organizations allocate one-third of their budgets to each of those disciplines to build a better breach response framework.
Ramzan was a keynote speaker at the RSA Conference Asia Pacific & Japan in Singapore. In this excerpt of a one-on-one conversation at the event, he urges CISOs to spend enough time understanding business nuances and gaining greater visibility into the organization's security operations and compliance mechanisms.
In this interview with Information Security Media Group, Ramzan also elaborates on:
- How to involve stakeholders in security discussions;
- Dealing with technology sprawl and setting priorities;
- Leveraging technology innovations to set up a breach response framework.
Ramzan is responsible for leading the development of the company's technology strategy and will focus on bringing to market the innovations that help protect RSA customers from the growing number of advanced threats. Prior to RSA, he served as CTO of Elastica, where he leveraged machine learning technologies and natural language processing to enable customers to more securely access and use cloud services. He earned his Ph.D. in electrical engineering and computer science from the Massachusetts Institute of Technology.