The battle for control over corporate networks is raging. And as IT
professionals and hackers both pick up more weapons and take on new
partners, the fight is only increasing in intensity… as it increases
in importance.
Scott Laliberte, a co-author of the new book Defend IT: Security by
Example, gives readers war stories from the digital battlefield. The
director of Protiviti, Inc., a global risk consultancy, Laliberte says
IT professionals need to suit up because the fight over the safety —
and control — of the corporate network is just heating up.
In a one-on-one interview with eSecurityPlanet, the author talks
about what is holding IT back in this ongoing fight, how the
environment that needs protecting is constantly shifting, and what new
battles are looming ahead.
Q: In your book, you talk about the battle between IT and malicious
Internet users. How much is this battle growing in size and scale?
I’d say the battle is definitely increasing. If you look at statistics,
like the FBI and CSI survey, and the CERT stats, the number of attacks
continues to grow. But we’re starting to see more headway made in the
battle against the attacks. There’s more awareness. And security
spending is starting to rise. With the regulatory issues emerging…
companies and boards of directors are being forced to look at security
in a much more serious light and they are putting more resources into
it. That’s helping us gain some ground in the battle.
Q: How is the battlefield evolving?
It’s always evolving. As security professionals make advances in one
area, the attackers respond by developing smarter attacks. As the
perimeter started to be brought under control and people started to
block up ports, hackers developed more sophisticated Web attacks over
HTTP and email. There’s starting to be more worms and viruses out there.
And the window between the find of a vulnerability and the time it took
someone to exploit it used to be weeks. Now, it’s days. So today, IT has
to patch every few hours instead of every few days. The battle is
speeding up.
Q: Is one side winning at this point?
That’s tough to say. I wouldn’t say one group is ahead of the other. As
an IT professional, you try forecasting ahead. You need to be
forecasting two to three moves ahead if you’re going to win the battle.
Q: So when you forecast two to three moves ahead, what do you
see?
I see companies putting together more formal structures and basically
having to have good frameworks. People are starting to put in better
frameworks and in-depth defense, some tighter controls — like tokens
and digital certificates. We’ll have to come around to those to get good
security. Passwords are just not good security. People understand that
but it’s too expensive to go to another solution.
Q: What is holding IT back? What is keeping them from doing better in
this war on hackers?
It’s budgets and management-level commitment. As most people in this
profession know, security is looked at as a cost center. It’s like
buying insurance. You don’t see ROI until an incident happens. And
hopefully incidents don’t happen, so they don’t see the problems that
you’re preventing. Showing that ROI and showing the return on investment
and getting the support necessary is a huge hurdle that security
professionals have to overcome right now… And they have to keep up
with the technologies and the attacks. It’s constantly changing. The new
technology you’re putting in place today is not going to be as practical
or work as well a year down the road. You can’t look at it as a process
that has a start and a finish. You have to look at it as a life cycle
model.
Q: What are IT’s strengths today?
I think there’s a lot more awareness of security issues and there’s a
lot more training out there. There are a lot more resources out there,
like SANS and the trade publications and numerous books. And they’re
starting to get more recognition and support from management, but that
still has a ways to go.
Q: What are the biggest security concerns that are plaguing IT?
Regulatory concerns — making sure they’re not violating any laws.
Availability concerns — making sure there’s not going to be an incident
bringing the company down for any amount of time. In today’s world,
being down an hour could cost a million dollars, along with the loss of
reputation and customer good will. Another big headache they have is
educating users. You can put the greatest technical controls in place,
but if you have users who will give their passwords to anybody who calls
them on the phone, you’re still defeated.
Q: What kind of an effect are mobile workers and wireless devices
having on security efforts?
The tech environment is changing. It used to be that you had a very
well-defined perimeter. You had a firewall and a building where somebody
had to bypass a guard. Now you have wireless networks and numerous Web
applications. You have people who work from home via a VPN. You have
partners connected to you online. You can’t just rely on perimeter
controls anymore. Your whole idea of perimeter control has changed. Now
you have all these entities that may easily bypass perimeter controls.
This is forcing us to change the way we think about security and enforce
new controls.
Q: What new problems do you see coming down the road?
The challenge I see coming down the road is managing all the controls
you have in place with limited resources. Monitoring is a major control
and you need to have a place for it in the organization. It’s one of the
most poorly managed controls out there. They try to monitor too much.
They need to figure out what are the highest risk areas they need to
guard, and then they need to design manageable solutions to do that. You
can’t protect everything at the same level. You have to make some hard
decisions about what you’re going to protect and how you’re going to do
it.