Coviello: Security inertia and skills shortage holding enterprises back

RSA chief also takes a swipe at privacy rules

RSA chief Art Coviello kicked off RSA Conference Europe 2012 by highlighting the need for enterprises to adopt new ways to ensure cyber security.

He said IT leaders should adopt an intelligence-based approach to security that makes use of analytics to assess risk in an agile and contextual way. However, he conceded that there were still obstacles to achieving this.

"What we need is information sharing at scale. What is holding us back is inertia; there needs to be a shift in spending as successful breaches should be expected - from the 80 per cent spent on prevention, 15 per cent on detection and monitoring, and only five per cent spent on responding," Coviello said.

But the RSA chief emphasised that it was not just about the technology but a "severe" skills shortage.

"To be able to operate these forms of analytics we need the right skill set. According to [research and consulting firm] Frost & Sullivan the number of security professionals is 2.25 million and the requirement by 2015 is 4.25 million," Coviello said.

He went on to say that there needs to be better awareness and understanding of security, advising enterprises to close the gap between perception and reality.

Coviello then fired a salvo at privacy advocates, arguing that people want their governments to fight cyber espionage but cry "big brother" when controls are put in place to tackle the issue.

"For example, I know the CIO of a leading manufacturing company in the EU, and he is bound by law to ensure that the privacy of information at the organisation remains intact or face stiff fines. However, if he puts in technology to help him he could hamper his employees' rights to privacy," he said.