Companies need to lose 'castle and moat' security mentality, says Cisco security VP

By Peter Gothard
08 Oct 2012 View Comments
Chris Young senior vice president of Cisco Security and Government Group

Many companies are not taking into account modern technology and methods when approaching data security, said Cisco senior vice president of security and government, Chris Young, at a press roundtable in London today.

Young labelled the mindset of many organisations as outdated, describing a "castle and moat" mentality based on on gateways and firewalls.

Further reading

"This concept of you're either in the network or out of the network in many ways is antiquated in itself," said Young.

"We need to move away from that model and focus on how we push security closer to the sensitive information, data and applications that matter."

Young stressed the need for a more subtle approach, based on monitoring "behavioural anomalies".

Young highlighted how data criminals can use social networks to "make themselves look more like legitimate users, and [find] ways to compromise the end user through normal behaviour".

"A lot of these attackers are going onto social media sites and studying users," said Young, "figuring out who are the network administrators in an enterprise and targeting those administrators so they can get access to sensitive credentials."

Young also said that one of the greatest security challenges facing IT leaders is the rise of BYOD.

"If we have trouble keeping all these solutions up to date on company-managed laptop computers, with the proliferation of [mobile] devices, that becomes an exponentially harder problem to manage," said Young.

Reader comments
blog comments powered by Disqus
Windows 10 - will you upgrade?

Microsoft has made an early version of Windows 10 - its next operating system - available for download. The OS promises better integration and harmonisation across platforms, including mobile and desktop. Will your business be upgrading?

37 %
27 %
15 %
21 %