Chief security officers in the UK should consider seven key points in the next year, an IDC analyst has advised.
Speaking at IDC's security conference in London, Eric Domage, manager of IDC's Western European security research and consulting division, said the security arena was changing fast and advised delegates to consider a range of new threats, including paying more attention to the risk posed by end-users within their businesses.
"As CSOs you must firstly put pressure on security vendors to make their products provide the right functions for the business, at the right price," he said.
"Secondly, it is important you refresh the threat mix you are prepared for." In this mix, he included malware and next-generation threats such as web-based attacks and identity theft.
Next, it was important for CSOs to remember that users were a threat, whether general staff or executive management. And disgruntled employees – like the US Unix system administrator successfully prosecuted this week for sabotage – were also a growing threat, he said.
Fourth on Domage's list was advice that "you must think about the value of your data and the cost to the business of failing to protect it".
And he said it was important to weigh up what could be outsourced in terms of security, noting that more services were becoming available in the marketplace.
Domage's sixth point was that, while it was important to stick to a budget, the potential cost of data being compromised meant it was worthwhile arguing for higher security spending.
Lastly, he reminded delegates: "You must understand that you are a business-oriented professional. As CSO, you are part of the business strategy and more than just an engine."
And the challenge of "elastic" modern enterprises, with their effectively borderless, always connected networks, meant that it was vital for CSOs to make strategic decisions to protect their businesses, he added.