Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences
  • These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

  • These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

  • These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

This article is more than 1 year old

Go ahead, build better security: it just makes crims try harder

CSO of payroll outfit ADP says until suits understand tech, we're all doomed

Nullcon The chief security officer of payroll giant ADP says his executive peers will need to become technical if they want to have a future in the industry.

Roland Cloutier, who has a stint as EMC's chief security officer on his CV, told the Nullcon security event in Goa, India, that executives must be a lot more technical than they presently are and understand security controls tools in use both across the enterprise and the products it sells.

The former cop who has “studied his arse off” over the last six months to learn more about encryption says chief security types will need to focus on four areas including security technologies, threat information, risk, and convergence.

“First they have to fully understand IT, networking defence operations, basics of big data, and so on,” Cloutier told delegates. “If you are protecting [SCADA systems] you better know how a programmable logic controller works.”

“And you have to understand a deep acumen of defence models, and response capabilities.”

He says risk is critical for security executives despite that he admits it is his weakest area. “I hate risk,” he says.

Converged security is the final area that executives must conquer. Here disparate security divisions are brought together to share threat and other information. Cloutier gathers his 13 security executives together for 09:00 AM Monday meetings so they can share security intelligence.

Cloutier warns that attackers will become more determined and skilled as security defences improve.

He talks from experience. The payroll company recently deployed an in house built anti-fraud system that shot attack detection rates from about 64 percent to 93 percent “overnight”.

“The number of attacks went up 10 [fold] because they needed to try to find other ways to break in and steal money,” Cloutier says.

Ultimately it is a balance between leadership and technical skills, the ratio depending on the business.

“All [better security] it means is that you will piss of the bad guys and they will become more sophisticated.”

The company processes some 12 billion events a day through its global anti-fraud platforms including transactions and external threat data which it uses to create more detailed attack overviews. ®

Similar topics

TIP US OFF

Send us news


Other stories you might like