New cybersecurity mantra: If you can’t protect it, don’t collect it

In early August I attended my 11th Black Hat USA conference in sunny Las Vegas, Nevada. Black Hat is the somewhat more corporate sibling of the annual DEF CON hacker convention, which follows Black Hat. Since my first visit to both conferences in 2002, I’ve kept tabs on the themes expressed by computer security practitioners. This year I heard a new refrain: “If you can’t protect it, don’t collect it.”

Reducing risk of cyberattack

A deluge of breaches continues to plague corporate, non-profit, educational, and public organizations. In my recent Brookings article “If you can’t keep hackers out, find and remove them faster,” I offered strategic guidance on how to detect and respond to intruders. By catching attackers after they gain unauthorized access, but before they steal, alter, or destroy data, defenders can prevent an intrusion from becoming a breach. A complementary strategy, reflected by several colleagues at Black Hat, involves reducing the amount of information at risk.

Read full article on The Brookings Brief…
