Companies need to realise the vulnerabilities they have rather than focus on strengthening their systems.


Information Security Forum president and CEO Howard Schmidt claimed that there is a full realisation that security is not about strengthening systems and patching, it is about realising the vulnerabilities.


Schmidt said: “It is not about doing something over and over again yet achieving the same results, as long as you are fraught with vulnerabilities you are living in the past.”


In a keynote address at the (ISC)² SecureLondon Conference, Schmidt acknowledged the problems that IT and security managers are facing in the current financial climate, but urged delegates to remain aware of cybercrime as ‘there is recognition that everything is going south, and that the bad guys are taking a break'.


Schmidt said: “The whole idea of information security has seen dramatic changes over the past five years, it used to be about technology and now it is about data. Data is the gold, silver and diamonds of the world today and you need to keep it immediate.


“Business is recognising that security is part of the day-to-day core practice, yet security is part of the process, and companies recognise that it is not about throwing out anti-virus, it is about risk management and realising that things you wanted in the last quarter you may not see until the end of the year.”