“The quantity of data a business owns is evolving faster than you can classify data”, Cates said. “My top advice is don’t let your senior executives see your intellectual property, don’t let your IT guys see your own source code.” Data should only be visible to those who have a business need to see it.”
Alan Kessler, CEO of Vormetric, proposed a re-assesment of security budgets being spent on the perimeter. “I’m not saying not to invest in the perimeter, but it needs to be balanced. Think more broadly about the assets you have. At Vormetric, we have a mindset that thinks about security from data outwards”, and the venture capital community seems to be adopting this view also, he said.
Cates explained how customers he has worked with have listed a data breach as the second biggest risk on their books after natural disasters. He used the Target breach as an example. “To date, the cost of remediation has been $61m, and $44m of that is covered by cyber-insurance”, he said. “The costs will continue and will eventually total and hundreds of millions. Gartner says that for every $5.6 a data breach costs you, the prevention would have cost only $1.”
The ripples from the Target breach are “freaking people out”, according to Cates. “Boards are now pushing CISOs to put more focus on data protection.” Kessler echoed these sentiments, predicting that the Target breach will have more of an effect on Vormetric’s business, and data security, than the Snowden revelations of 2013. “Our clients are being pressured by their supply chain to secure their data now”, he said.