Are We Approaching Security Wrong?

Too many companies that provide cybersecurity solutions are failing to focus on helping organizations control risk at a reasonable cost, argues Malcolm Harkins, CISO at Cylance.

"In many ways, most ... of the organizations in the security industry profit from the insecurity of computing. So economically, they have no incentive to fundamentally address the issues," Harkins contends in an interview at the RSA Conference 2016 in San Francisco.

"We should be trying to figure out the economic equilibrium so that the cost [of security] is essentially flattened or held steady relative to the growth of computing. I've always been trying to think about it in the context of having ... solutions that create a demonstrable and sustainable bend in my curve of risk, something that allows me to lower or maintain or flatten my total cost of controls."

In this exclusive interview, Harkins also discusses:

- Why the security industry needs to re-imagine its mission;
- Ransomware and how to defeat cyber-extortion;
- How Cylance distinguishes itself in a crowded anti-malware marketplace.

As the global CISO at Cylance, Harkins is responsible for all aspects of information risk and security, security and privacy policy, and for peer outreach activities to drive improvement across the world in the understanding of cyber risks and best practices to manage and mitigate those risks. Previously, he was vice president and chief security and privacy officer at Intel Corp. In that role, Harkins was responsible for managing the risk, controls, privacy, security and other related compliance activities for all of Intel's information assets, products and services.