Back to basics for IT security market
Forget whizzy new technology - most customers aren't doing third-party patch management, panellists at CRN Security Summit complain
Back to basics may well be the motto of the IT security industry this year, if comments made by resellers during the CRN Security Summit, which is being screened today, are anything to go by.
When asked about the whizzy new security technologies they are betting on in 2016, panellists in one session said they were more concerned about helping customers do the fundamentals such as patch management.
One said that three quarters of vulnerabilities his firm had found had been known in the industry for more than two years. Another pointed out that most of his customers are still not doing third-party patch management.
Other sessions saw top European tech executives go toe to toe on the topic of data privacy and a debate over whether the industry is suffering "data breach fatigue".
Meanwhile, in a Q&A for the summit, an ethical hacker who has hacked into, among other things, a wireless kettle and a children's doll, warned of the growing threat accompanying the Internet of Things stampede, and explained how resellers can capitalise.
Having taken part in most of the sessions, I was left with the impression that IT security will continue to represent the number-one opportunity for the channel in 2016. All the sessions can either be viewed live or on demand by registering here.
Getting the basics right
Although the IT security market is a hotbed of innovation right now as the industry strives to stay one step ahead of the hackers, a back-to-basics theme emerged during the summit.
"A lot of organisations still aren't addressing the basics, including patch management," said James Miller, managing director of Foursys, during the panel session entitled The Future of IT Security.
"We did a survey a few months ago and 90 per cent of respondents came back saying they weren't really doing third-party patch management. Yes, there's a lot of exciting technology, but we are taking the approach that we will also look to cover off the basic side to ensure they are protected fully, rather than just jumping into the latest and greatest."
NTT Com Security's Stuart Reed agreed.
"There's an interesting theme in terms of getting the basics right," he said.
"That's something we picked up last year in our global threat intelligence report. Around three quarters of the vulnerabilities we found were actually known in the industry for two or more years. And approaching 10 per cent of those were known for 10 years or more. Getting the basics right - the patch management aspect - is important."
However, panellists in this session all agreed that new and emerging technology, such as security information and event management, will be a hit in the coming years as firms redirect more of their security budgets to minimising the damage of attacks.
This was a theme that emerged in another panel session, entitled Battling Breach Fatigue, which saw Terry Greer-King, director of cybersecurity at Cisco UK, discuss the shift in the industry from protect to detect and defend.
"There are two types of company in the world: those that have been breached, and those that are about to be breached," he said.
"The industry average for recognising a breach is somewhere between 100 and 200 days, which is just too long ... 60 per cent of data is stolen in the first couple of hours.
"We need to move towards analytics engines to work out when we are being breached and then try to remediate."