By Sergio Caltagirone
Too many of us are living in the last century of information security. We’re taking the approach that we’re not patching fast enough, not doing asset identification well enough. These things may still play a part in the security puzzle, but the threat landscape has moved well beyond that.
Which is why we’re seeing the failures that we’re seeing. We’re still fighting the last war and losing the current battle.
Assume you’re going to lose
We need to approach security with the presumption of loss. We are just now entering that phase of understanding in cyberspace. That’s why cybersecurity insurance has become such a big deal.
Take flood control for example. We have several predictive and detective measures to identify when and how large a flood will be. We have topology maps which identify the locations of critical resources such as hospitals and neighborhoods.
We can prevent normal, everyday flood. But, in a 100-year flood scenario we triage choosing to protect the hospital over the neighborhood. We need to prioritize detection. We can’t prevent all loss. We need to respond quickly and effectively to our detection. We can’t try to save everything all the time – we diffuse our already extended security resources and no longer focus on the true business risks.
We need to change not just what we’re doing but how we fundamentally think about the problem.
What we should continue to do for cybersecurity in 2018, and what and how we should evolve. via Sergio Caltagirone.
Prevention is not the cure
Prevention is critical and always will be, but prevention only gets us so far. We need to reevaluate our current investment to identify where and how we can move to quicker and more effective detection.
If we want to move up the security maturity spectrum, we need to shift our thinking from ‘How do I stop the next breach?’ to ‘How do I detect it fast enough that I can do something about it?’
We’re practiced at protecting in depth, but to bolster our detection before the full impact is actualized by an adversary, we need to detect in depth as well — which calls for a detection-driven security cycle.
The adversary is our best teacher
We’ll never be able to know all our vulnerabilities, assets or attack vectors. Adversaries will innovate quicker than defenders. But, that doesn’t mean we’re lost. We own the territory and the infrastructure.
Instead of trying to continuously fight last week’s war, we must understand our adversary’s behaviors and “control the physics” of the space.
By that, I mean: Adversaries are going to do many things once they get access to a machine and are able to leverage the associated assets. What are they going to do with the passwords? Can we detect when they’re stored in a file? If not, can we detect when a password is being used, possibly through identity protection? And if they’re assuming identities, can we detect if they’re stealing data? The answer to all those questions is “Yes, we can.” Rather than thinking of an attack as a single point of failure, but it’s a string of opportunities for the defender to detect and respond. It’s said attackers only need to be right once. To sever that attack thread, defenders only need to be right once, too.
Learn more about cybersecurity
Speaking of cloud security providers
The cloud is a critical component of any modern enterprise. Most cloud service infrastructure is more secure than most enterprises – and enterprises need to realize that fact. But, don’t choose your cloud services and security based on a checklist. Security changes so quickly that any checklist is a useless metric. Instead, choose a technology provider that takes security so seriously it’s part of their organizational identity. Only then will you find a partner that moves and evolves quickly in the security landscape not because of a checklist, but because that’s who they are.
How we will win
Security is not won through procurement, it’s won through people and relationships. Pick the right partners, technology vendors and business partners. That’s how we win with security. Your technological security solutions are your security lower bound. Your people, the defenders, your organization, your relationships that define how great you can be — your upper bound. Make your defenders great, and your cybersecurity will only get better.
The biggest opportunity
We currently have at our fingertips the largest collection of shared computing resources ever in the history of mankind due to cluster and cloud computing. We can collect more data and see more things than we’ve ever been able to before. Our applications are generating telemetry and data more than they ever have and our ability to process it is greater than it’s ever been, and we’re not even tapping this at its full capacity. This is the biggest opportunity — simply taking advantage of this computing revolution that’s right here, right now.
Things you needn’t worry about
With so many things on our minds, especially at the C-level, it’s important to know what is not worth spending energy on.