The 'Game' Fervent IT Security Pros PlayNo One Can Declare Victory in Never-Ending Security Race
"They say it's a race, it's a game; there's attackers and defenders," van Ommeren says. " ... You can be in awe of a good hack; you just want to be the one who finds it first and not your attacker. And that really makes it a game."
But the cybersecurity game never ends, and organizations that take the proper defensive measures will still be attacked, says van Ommeren, director of innovation at Sogeti USA, an IT test management and consulting firm.
"We believe you can't win it," he says. "There's no final step to say, 'Okay, now we're done. You made the final move. Checkmate! Nobody else will never be able to attack us.' That's not the reality."
Van Ommeren, in the interview and book published by Sogeti and IBM - coauthored with Martin Borrett, director of the IBM Institute for Advanced Security Europe, and Marinus Kuivenhoven, senior security specialist at Sogeti Netherlands - argues that cybersecurity must be made part of the most elementary fiber of the organization - in technology and human behavior - to give people secure options that they prefer over less secure ones in order to do it right.
In the interview with Information Security Media Group, van Ommeren:
- Reviews the advantages and disadvantages of using fear as motivation to get employees and other stakeholders to adopt IT security best practices,
- Discusses how security technology won't be used unless it's made easy and
- Addresses how breaches have had little impact on changing behavior.
As innovation director for the past seven years, van Ommeren directs research into IT and IT security trends and development at Sogeti's VINT labs. VINT stands for vision, inspiration, navigation and trends. Van Ommeren joined Sogeti is 1998 as a business development manager.