Email Security Blog

Gartner Security & Risk Management Summit Takeaways

Agari June 17, 2015 Email Security
Fallback Featured Image

Last week I was at the Gartner Security & Risk Management Summit for the first time in three years and while there, a few things struck me. We’ve all seen the steady drumbeat of cyber attack headlines that expose millions and millions of people’s sensitive information. The attendees at the conference certainly have, too. Because it was absolutely packed; the show has grown tremendously in the last few years. Another interesting note for me was the prevalence of very senior security industry executives at the show – not just CISOs, but I saw many CIO name badges on people wandering the conference floor and stopping by the Agari booth.

It’s a good sign, in my mind, to see the issue of security moving farther up the corporate ladder. Not a moment too soon, either. I would say that a surprising majority of the people who stopped by our booth told us that they were seeing CEO and CFO spoof emails at their companies. The most common variants were spoofed emails purporting to come from the CEO sent to the CFO telling him to wire money related to a super-secret acquisition to some account. Controllers at the companies were also receiving similar spoofed emails purporting to come from their CFOs. Also extremely gratifying was, once we explained to visitors to our booth what we were doing with email security at Agari and how we are proactively solving the problem, many of them told me it was the most interesting thing they’d heard at the show.

Other top takeaways for me included the Gartner forecast that by 2020, 60 percent of security spending will be on post-infection or post-breach detection and remediation. Compare this to the 40 percent of security spending that is aiming to stop breaches before they happen. The shift in security spending tells me two things: First, that companies are – more and more – simply just giving up on trying to stop the breaches before they happen. Second, once breaches do occur, they are only becoming more difficult and incredibly more expensive to detect and remediate.

The shift in the security mindset, too, is proving difficult for companies to navigate. It used to be that security policies were architected such that once you authenticated yourself and were inside the walls of the organization, you were therefore trusted. If you were outside the walls, the default was you weren’t trusted. But now we’re seeing the growing trend of devices not being trusted as a default whether they’re inside or outside an organization’s firewall. There’s now this shift to no devices being trusted, but it is such a difficult concept to embrace and hard for organizations to change the way their security is architected across the board.

Suffice to say that with the packed attendance I saw, higher-level security executives and the difficulty organizations are having changing their security architectures to a no-trust-first model, security as strategic business competency is only gaining in visibility. And this is a good thing, because we as an industry have a long way to go in securing organizations from the unrelenting cyberattacks we see every day.

 

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

April 11, 2019 Raymond Lim

Beware of Phishing Attacks as Tax Day Looms Closer

The April 15th deadline to file taxes in the United States is almost here, which…

Agari Blog Image

March 13, 2019 Ernest Yuen

W-2 Scams Likely to Continue as Driver for Phishing Attacks in 2019

With the 2019 tax season reaching full throttle, a volatile mix of conditions could fuel…

Agari Blog Image

March 6, 2019 Mandeep Khera

Winning with Channel Partners: How Agari Continues to See Success

Channel partners have become a strategic extension for technology businesses all over the world.  Within…

Advanced Threat Capture Rate

February 7, 2019 Paul Chavez

Why You Should Care About an Advanced Threat Catch Rate

Artificial intelligence (AI), machine learning, and deep learning analysis have become common buzzwords synonymous with…

Brand Design is New Demand Generation

February 4, 2019 Armen Najarian

Brand Marketing is the New Demand Generation

First, An Apology Sorry, demand generation professionals.  We still love you and your jobs aren’t…

mobile image