Canon Europe, world-leader in imaging solutions, held the first in a series of security roundtables attended by leading industry figures at this year’s ISF Forum

    In a year dominated by high profile security incidents, the debate highlighted the changing role of the CSO – from focusing on technology to information

    This change is underpinned by the underlying shift in business technologies, as CSOs are required to move from protecting endpoints to providing secure access to information

    Attended Mark Brown, Chief Information Security Officer at SAB Miller, commented: “Historically security has been all about the tech, all about the device. For me that is IT security. We (CSOs) need to elevate ourselves to being Information Security.”

Other key trends highlighted during the debate include:
 
Current security protection needs evolve at a faster pace

    Data loss and hacktivism are the two types of breach which strike fear in the hearts of CSOs, and require a different approach to security than traditional threats

    As the landscape evolves, CSOs need more security intelligence to help them deal with the problems of the future because right now they are still dealing with the problems of today

    Discussing current legislation, Quentyn Taylor, Director of Information Security at Canon Europe, said: “The problem with current cyber security legislation is that it stops at national borders, yet by definition cybercrime is trans-border. Whilst law enforcement agencies work very hard, they are used to dealing with things in the local statute book.”

Education is key, and must start from the ground up

    CSOs need to look beyond the traditional methods of employee training, and implement creative awareness programmes which stand a better chance of being received and remembered

    All areas for potential leaks need to be considered - recent Quocirca research found 70% of enterprise respondents suffered one or more accidental printing-related data breaches, an area often overlooked

Adrian Davis, Principle Research Analyst at the Information Security Forum, said: “Having security aware and cyber savvy staff turn up for work is great – this level of control and awareness in people means there is a solid platform for you to build on.”
Quotes

Quentyn Taylor, Director of Information Security, Canon Europe
“Data loss is what has traditionally kept the CSOs awake at night. However, the emergence and popularity of cloud technologies and virtualisation is changing the game. Endpoints have become purely a means of accessing the data over the network, be that via a laptop, smartphone or a printer. Clearly, security strategies need to evolve as well.
 
It can be argued that they should evolve separately from the IT function. The CSOs’ role should be to provide their employees with secure access to information, which would allow the IT department to focus on the infrastructure and devices.
 
But to make that transition the CSOs need to learn how to interpret what is happening in their area and communicate that back to the business, using the business language. They have to learn how to translate the technical jargon into share price values that CFOs and CEOs can understand if they are to get their buy-in for the true value of information security.”