Wednesday, October 7, 2015

Conquering the Next Fronteir

By: Kevin O’Brien, CEO and Founder GreatHorn

I had the pleasure of moderating a panel discussion at the recent MassTLC Security event, held at the Federal Reserve in Boston. Scheduled as the closing session for the day, it was an opportunity to dive into the topic of "Conquering the Next Frontier" in the cybersecurity space, alongside a fantastic group of speakers, representing a diverse cross-section of experience, expertise, and perspective: Kate Driscoll (Chief Compliance Officer of Minuteman Health), Harold Moss (Senior Director of Security Strategy at Akamai), Chris Zannetos (CEO of New Light Advisors and formerly CEO of Courion Corporation), and Sam Bisbee (CTO of ThreatStack).

One of the key themes that emerged in our conversation was the idea that security is in transition, shifting away from being technology-centric and becoming a question of culture, from end-users through to CISOs. Kate opened this thread up, describing how Minuteman Health has fundamentally aligned its operations around security and compliance, a discussion that impacts everything from vendor selection to how threat data is shared, analyzed, and acted upon.

Chris and Harold both weighed in as well, describing how fundamental shifts in responsibility such as CISOs increasingly reporting to CFOs were having ripple effects across the industry; Chris mentioned that regular users and consumers were being handed a growing degree of responsibility for taking appropriate action when confronted by modern threats, such as spear phishing and credential misuse. This evolution in thinking coincides with the democratization of access to technical resources, the lines between personal and professional devices continue to blur.

In looking at security in this new landscape, Sam noted how advanced protection of cloud environments has led many organizations to adopt managed security models, wherein automated threat identification is coupled with around-the-clock expertise, dramatically reducing the number and severity of "unknown unknowns" that threaten critical infrastructure.

In thinking through these points, and taking the liberty of looking ahead, I believe that the threats modern companies and institutions face will only become more sophisticated. Even a cursory glance back at 2014 and 2015 reveals an unending stream of major data breaches, and unlike years past, these attacks have largely not been initiated with sophisticated malware or low-level system exploits. Instead, we are seeing that non-technical users are the principle target for today's attacks; if we are to remain nimble, we must change not only our security tools, but also where we chose to focus our attention. Effective defense means understanding not only where criminals are attempting to break through our defenses, but also how: by undermining that softest of targets, the human being. 
The frontier of security is, perhaps, a return to first principles: awareness, responsiveness, and appropriate protection that defends without impeding the flow of business.

Expect to hear more follow-up and next steps for growth and support of the security community within the next few weeks.  

No comments: