Following the success of McAfee’s Focus10 conference in Las Vegas in October, yesterday we offered a similar event in Paris, the first French Focus. Despite the snow that disrupted air and land travel, 236 clients and partners joined us.
As in Nevada, McAfee President and CEO Dave DeWalt and Worldwide CTO and Executive Vice President George Kurtz presented the company’s vision for securing the digital future. Breakout sessions delivered by partners and McAfee staff gave participants the latest news in the security field.
During the opening general session, PricewaterhouseCoopers presented its 2011 Global State of Information Security Survey, a worldwide study of more than 12,000 industry managers of IT and security.
To introduce his figures, PwC’s Philippe Trouchard explained that today’s threats are of an economic nature:
- From Aurora to Stuxnet, the targets are high-tech companies and industrial processes
- From the coders and exploiters caught during the FBI Trident Breach operation to Alberto Gonzalez, ring leader of the Heartland-Hannaford cases, banks and their customers are the victims
In these examples, the economic losses are estimated at tens to hundreds of millions of dollars. Their impact on business is rising.
Although the number of incidents appears to be declining, the costs to businesses has reached significant levels. From 2007 to 2010, financial losses and compromises to brands and reputations have increased as much as 233 percent.
The greatest compromises are to data. The number of respondents reporting data exploitation has increased by 69 percent since 2008. Mobile devices represent a significant new category of exploitation, with 20 percent of companies having suffered such incidents. But a cause for concern is that many companies do not have a global view of their security incidents:
In 2010, management has become more concerned with security than the technical staff. There has been a significant shift in the evolution of the chief information security officer’s (CISO’s) reporting channel. The security function is moving away from the CIO to the company’s senior decision makers:
Another cause for concern is the lack of reliable security procedures for one-third of companies:
Despite respondents expecting to see an increase in security budgets, 50 percent of companies had to delay or to reduce their security projects.
It’s no surprise that new technologies (social networking, wikis, blogs, etc.) represent one of the fastest emerging areas of risk.
In conclusion, Trouchard explained that during the 2007 to 2010 period the justification “client requirement” was the globally acknowledged leading driver of security spending (an increase of 21 percent) while all other justifications decreased:
This survey shows clearly that the information security function must operate as a business enabler, allowing companies to be more customer facing and helping them to innovate and expand.
Focus10 in Paris was an unqualified success. I spoke with many customers who eagerly await the 2011 event.