Ten Questions With… Gant Redmon, Co3 Systems (Part One)
added: 10.24.2013, by Mike Spinney
Co3 Systems, based in Cambridge, Massachusetts, helps organizations define, manage, and optimize their cyber security and data breach incident response programs. Security incidents like data breaches, hackings, industrial espionage, and even physical compromises are highly disruptive for companies. They cost a lot in terms of time, money and reputation. The number and variety of international, federal and state laws and regulations that apply to data protection (not to mention industry standards) means compliance is a complex undertaking. Preparing for and responding to security incidents is no small task, and missteps can compound the already daunting challenges involved. Co3 helps make it faster and easier.
Gant Redmon serves as vice president and general counsel for Co3. I’ve known Gant for a few years and respect his background, approach, and opinion on the topics of data privacy and information security. I recently asked Gant a few questions and he graciously agreed to let me share the answers with you in what will is the first of my new “Ten Questions With…” series of blog posts. Here is part one of that conversation.
HoGo: When you're talking with clients, colleagues, companies about addressing information security and data privacy, what stands out as a consistent and persistent problem that is most vexing to organizations?
Gant Redmon: There’s a growing realization that in today’s “post-breach” world – where everybody’s breached, it’s just whether or not they know it – they need to do a better job with incident response, but they lack solutions to help. They still use rudimentary tools like spreadsheets, Sharepoint systems, and legal libraries. Despite the fact that incident rates are up, the bad guys are more focused than ever, and the regulatory environment is incredibly complex and getting more so.
HoGo: Describe how you have seen the threat environment evolve over the past three years.
Redmon: Thanks to trends like mobile and cloud, data is proliferating thus expanding the opportunities for attack. Regulations around privacy breaches, not to mention cyber security incident disclosure, are getting more numerous and stringent. And across insiders, hacktivists, and state sponsored actors the bad guys are more numerous, focused, and dangerous than ever.
HoGo: How have you seen companies' attitudes evolve over the same period, in terms of their awareness and response. Are companies chasing old issues and not considering the new, or are companies doing a fair job of keeping current with new threats?
Redmon: We see increasing awareness from firms that their security investment is overweight on prevention and detection, but underweight on response. In the keynote address at their annual Security Summit Gartner said, “If you are going to invest in one thing, it should be incident response.”
HoGo: What has been the biggest area of change with regard to that evolution and how would you describe any differences between front line personnel and the C-suite in terms of their seriousness and attentiveness?
Redmon: CSO and CPOs have realized that while you may not get fired for having a breach – it can and does happen to anyone – if you botch the response, you are in big trouble. So while it’s true that front-line personnel want a better way to collaborate on incidents and an easier way to stay abreast of the regulatory environment, there’s pressure from management as well to bolster response capabilities.
(Tune in next week for part two of this interview.)
DISCLAIMER: This post does not constitute an endorsement of HoGo by Co3 Systems or Gant Redmon. Nor does it constitute an endorsement of Co3 Systems or Gant Redmon by HoGo. It is merely a conversation between two entities concerned with advancing awareness over issues of data privacy, information security, and the protection of intellectual property.