While we’ve been busy working with our customers to modernize their data centers, we’ve also been busy modernizing EMC World, preparing to make 2016 the best event to date! This year we’re delivering an exciting lineup of educational tracks, sessions, speakers, and events to help turn plans into actions. In addition, we will be setting the vision for the new company we will become in combination with Dell.
The theme of our 16th annual EMC World is Modernize and we can’t wait to join customers, partners, media and analysts over an exciting four days in Las Vegas.
Risk is changing. Headlines are littered with high-profile risk-related issues that plague organizations. Boards, executives, regulators, auditors and shareholders demand more visibility into risk and compliance programs and more assurance that those programs are operating effectively. This scrutiny is moving downstream to smaller enterprises, making risk management a pervasive issue for organizations of all sizes, in all industries. Risk is a multi-dimensional problem and it continues to become more and more complex.
The future of risk and compliance requires everyone to own risk. Everyone within your organization must act as “risk managers” within their own role.
According to the Verizon Data Breach Report 2015, 70 to 90 percent of malware samples are unique to an organization, which means the malware wouldn’t automatically be identified as a threat. This puts any organization relying only on signature-based tools at great risk, as they could have malware actively running in their environments yet be unaware of any compromise. Motivated threat actors can typically find ways to bypass purely preventative measures, including “advanced” measures that still must rely on previous experience or knowledge of a strain of malware to detect and stop it. Techniques like metamorphism, polymorphism, and sandbox evasion have changed the game and, unfortunately, are no longer confined to the domain of sophisticated threat actors. Nowadays, they’re the status quo.
In the face of such a reality, effective approaches for addressing malware can’t be predicated on prevention alone, but must be focused on deep visibility and swiftness of response.
Despite increasing investments in security, attacks and breaches continue at an alarming rate. Web and mobile applications are key areas where attackers invest their time and resources to understand and target organizational vulnerabilities.
“Victorious warriors win first and then go to war; defeated warriors go to war first and then seek to win.”
― Sun Tzu, The Art of War
Over the past several years, the cybercrime marketplace has gone through a significant maturation process, achieving parity of sophistication with many of the world’s legitimate markets. Traditional business differentiators such as customer service have migrated to the underground—if the stolen credit card you just bought has been cancelled, you’ll get a refund. Business concepts such as innovate-to-stay-ahead are commonplace amongst cybercrime-as-a-service vendors. This activity, in turn, has generated a lot of noise when it comes to threat intelligence; noise that is making it more difficult for us to distinguish the real threat signal. What is the risk of a single phishing or malware attack? What threat does a conversation between a couple of fraudsters about cash-out methods pose to your organization? There is just too much noise.