It looks like we have a new wave of LulzSec and Anonymous activity hitting the scene. This raises the question again about what concerns the CISO. With these super hacker organizations launching massive attacks against big-name organizations, do we need to focus our efforts on this type of threat, or should we continue our efforts on the economic threat that has been driving us for so long?
I would argue that as CISOs we are looking at it all wrong. Our focus should not be on defense anymore. These super hackers cannot be stopped. We need to focus on how to motivate business through security. If NATO or the CIA cannot stop these attacks, why should college X or mid-sized company Y sink massive amounts of resources into trying? The answer needs to be that it is good for business. If you can show that through segmentation you can:
1. Increase performance.
2. Decrease data loss.
3. Reduce errors.
4. Improve efficiency.
5. Mitigate risk.
You know that there will be backing for your security efforts and that you will hav