Gigi Schumm, vice president and general manager, Symantec Public Sector organization
There’s been a glut of incidents lately that have brought cyber security issues to the forefront. The data breaches at Sony and Epsilon, the hacking of Gmail accounts, and the security vulnerabilities with RSA Secure ID tokens. We’ve certainly gotten a lot of questions about how government agencies and individuals can protect themselves from these types of incidents. The short answer is, there’s no technological, one-size-fits all technological silver bullet, and there never has been. I’ve been in the cyber security business for 14 years and have witnessed the evolution of cyber attacks. First it was large scale viruses and denial of service attacks, then it was Trojans, now it’s extremely targeted attacks looking for specific information. And while the attacks have changed, the answer to securing information continues to be the same: People, processes and technology. Any approach needs to be comprehensive. It can’t just be one thing or the other. And anyone who says that either doesn’t know what they’re talking about or is misleading you. You train people on proper cyber security practices. You have policies in place for how to handle information. And you have the right technological solutions in place. Whereas it used to be antivirus, firewalls and intrusion detection, now it’s leaning towards identification, authorization, and tracking information and where it goes. For customers, we’re telling them that regardless of the types of attacks, remember and don’t lose sight of the fundamentals: people, processes, and technology. Follow a combination of the three and you stand the best change of protecting your information.