I really enjoy Shira Rubinoff's videos, and captured one of them in case you prefer reading to watching videos. Please find snippets of this commentary in the AT&T Cybersecurity video series with Shira Rubinoff interviewing me recently.
Episode #6 - @attcyber Video Series— Shira Rubinoff (@Shirastweet) October 24, 2019
With @twaskelis AVP @attcyber
Discuscussing:Issues we are facing in #CyberSecurity today
Full video��https://t.co/1GxIQVAeJ0#ai #attinfluencer #Security@sstoesser @BinduSundaresan @BJWebb4 @saritasayso @MoKatibeh @eisaiah_e @ChuckDBrooks pic.twitter.com/VuJfAsoSYH
Q1: How will CISO’s investments change in 2019? What areas of cybersecurity do they see receiving more funding?
- Many large and mid-size businesses are recognizing security requires more than just a technology investment. Service organizations bring technology, expertise, and resources to the table in a way that may be a more cost-effective alternative to trying to manage all this internally
- Lack of resources as a major challenge along with keeping up with advancements in cybersecurity technology by utilizing outside service providers rather than hire, retain, and manage staff
- For the CISO, this translates to set a big picture of priorities such as maintaining customer trust and keeping the organizations name out of the headlines. In order to accomplish these priorities, there are essential areas where security executives will spend their time, and money in 2019
- Develop a culture of security: The culture must go together with policies and best practices. Every single person within the organization has some responsibility for security
- Security and Risk Management: Governance and resource requirements, security frameworks, data protection, training and awareness, insider threats, third-party security practices as outsourcing increases
- Cloud Services: Cloud strategy, proper selection of services and deployment models. Scalable and elastic IT-enabled capabilities provided as a service utilizing internet technologies
- Gain threat visibility across all platforms: You cannot secure what you cannot see. Having data spread across multiple tiers of applications and cloud services, and sometimes out on unauthorized services has greatly impacted the CISO’s ability to have unified visibility
- Grasp the perimeter: Thanks to cloud computing, mobile devices and IoT, the perimeter is an archaic concept. The operations teams both security and IT need to change their assumptions about traffic, trusted users and the idea that there is a single demarcation point between public and private clouds. CISOs are now faced with new tactics for managing those perimeters.
Q2: Can you give us your perspective of what you’re seeing right now in cybersecurity? What are the biggest issues and then what can we expect looking forward? How zero trust is maturing into digital trust and the evolution of predictive threat detection?
- In today’s environment, the network can no longer be considered a safe zone. In fact, there is no safe zone. As the risk of insider threat scales exponentially, every asset an organization possesses and every transaction it conducts must be secured as if it were a standalone item continually exposed to the full range of cyber threats. Essentially everyone is “inside”, because the network is perimeter less.
- The understanding that perimeter protection alone is not enough has increasingly led to the security concept of Zero Trust, which is beginning to play a large role in. Building a secure Zero Trust Organization is based on a never-trust/always-verify approach to all entities and transactions in which multiple solutions work together to secure digital assets
Q3: Is cloud security getting better or do companies now better understand their role in managing cloud security?
- It is a combination of both better cloud security controls and better understanding of how to manage them. As technologies become less hardware dependent and move to virtual functions, security controls for cloud environments are becoming more scalable and easier to deploy. In parallel, the ability to monitor and report on the effectiveness of those controls is becoming easier for organizations
- Initially, cloud service providers first hit the market with a “Trust Us” mentality and didn’t do a great job making companies feel like their security and compliance concerns were being heard. That tide has shifted, and cloud providers now fully appreciate the security requirements their clients are asking for
- Cloud providers are now becoming more open and accommodating of security data and controls, and more vendor solutions can bridge the gap between implementations on-premises and in the cloud. As a result, the fear of adopting cloud services, often driven by the lack of security controls and visibility into the controls, is lessened. There’s progress, and more acceptance of in-cloud controls and services – but that progress is still slow
Q4: Is SOC as a service the right approach for smaller companies?
- Cybersecurity is not just an IT problem, it’s an organizational issue and you can’t manage what you can’t see. Every organization should be aware of the cyber activity within its environment. Even a small network generates over 250,000 logs per hours. An impossible task for a human to review. There are many ways to monitor and report on this, but it ultimately comes down to people, technology, and budget. That spending decision must be commensurate with the risk appetite of the organization
- We now live in the days of sophisticated digital hackers so your concern shouldn’t be if you’re going to get hacked, but what you’re going to do when it happens. Making sure your business invests in a security operations center (SOC) can be your saving grace during an attempted cybersecurity attack. A security operations center is an organizational hub of skilled team members and technology whose goal is to detect, prevent and respond to cybersecurity threats in as close to real time as possible. For best results, the SOC must keep up with the latest threat intelligence and leverage this information to improve internal detection and defense mechanisms.