Former Cyber-Security Czar Says Network Perimeter Defenses Don't Work
NEWS ANALYSIS: Former U.S. cyber-security coordinator says enterprise executives must assume that malicious hackers have already broken into their corporate networks.
The big question about enterprise security isn't how to keep cyber-criminals out of your network; the big question is how to limit the damage. According to Richard Clarke, former special advisor to the president for cyber-space and national coordinator for security and counter-terrorism, "The bad guys are already in your network." Meeting over dinner with a small group of Washington, D.C.-area media representatives, Clarke said that what companies really need to do is find ways to protect what's really important. To make those decisions, the company needs to understand the risks to the organization. "That's not as obvious as it may seem," Clarke said in a subsequent interview. "Every company has its own risk tolerance. They should go through a transparent process deciding what the risks are and their tolerance for those risks."
Clarke, who is now CEO of Good Harbor Security Risk Management, spoke at the dinner at the invitation of RedSeal, a risk management software company, which was announcing a new round of funding. He said that there are several steps that a company usually takes once the management accepts that hackers will find their way into the company network.