We’ve seen an ongoing cybersecurity technology trend that goes something like this:
Jon Oltsik, on Aug 24, 2018
Recently, ESG completed its second annual enterprise-class cybersecurity vendor research. The story behind this project goes something like this: Enterprise organizations (i.e., those with 1,000 employees or more) have too many point tools and are now engaged in projects to integrate security technologies while eliminating some tools and vendors along the way.
Jon Oltsik, on Aug 21, 2018
Last week, I published a blog on the state of cybersecurity at small organizations. As a review, two-thirds of firms with 50 to 499 employees have experienced at least one cybersecurity incident over the past few years, leading to lost productivity and business disruptions. Survey respondents claim that the biggest contributing factors to these cybersecurity incidents include human error, a lack of knowledge about cyber risk, and new IT initiatives lacking proper cybersecurity oversight.
ESG recently completed a research survey of 400 cybersecurity and IT professionals working at small organizations (i.e., 50 to 499 employees) in North America. As you can imagine, these firms tend to have a small staff responsible for cybersecurity and IT, reporting to business management rather than CIOs or CISOs.
I’m not sure how many people attended Black Hat in Las Vegas last week, but it surely felt like a record crowd. Optimistic attendees lauded the show for its threat research and focus on cybersecurity skills while skeptics bemoaned Black Hat changes, disparagingly referring to the show as ‘RSA in the desert.’
As for yours truly, my week was educational, albeit exhausting. I started early by participating in the CISO Summit on Tuesday where I hosted a panel on AI and machine learning in cybersecurity. My week ended with a Thursday dinner brainstorming session on cybersecurity operations. There were dozens of formal and informal meetings in between.
Last week, Cisco jumped head first into the identity and access management (IAM) market with its acquisition of Duo Security for over $2.3 billion. Now, I’ve been chatting with Cisco about identity management for many years. Cisco always understood the importance of identity management in the security stack but remained reluctant to jump into this area.
I’m about to leave New England and brave temperatures of 110 degrees or above. It may sound crazy, but I’m actually looking forward to the trip next week. Why? I’m heading to Black Hat USA in Las Vegas, and I’m excited to learn more about:
Jon Oltsik, on Jul 30, 2018
I attended my first Google Next conference last week in San Francisco and came away quite impressed. Clearly, Google is throwing more of its engineering prowess and financial resources at GCP to grab a share of enterprise cloud computing dough and plans to differentiate itself based upon comprehensive enterprise-class cybersecurity features/functionality.
Earlier this week Rubrik announced the launch of a new addition to the Polaris SaaS platform: Polaris Radar. This new application focuses on the mitigation of data security incidents with ransomware squarely in its sights.
In our 2018 IT Spending Intentions Survey, ESG identified that ransomware is on the rise and represents a concern for both business and IT leaders. Ransomware has become very pervasive and the majority of firms ESG surveyed reported experiencing ransomware last year, generating a high level of concern, with 81% of organizations reporting to be either concerned or highly concerned about ransomware.
The CISO role has evolved over the past few years from tactical IT manager to strategic business executive. Given this transition, what qualities are most important for making CISOs successful?
To answer this question, I went back to the data from last year’s research report from ESG and the Information Systems Security Association (ISSA). I then cut the data by respondents' role to understand what CISOs think is most important.