Published on October 28th, 2021
Cybersecurity Becoming Unmanageable. Solving It Requires Fast Failure
40% of us click on suspicious links in phishing emails. 30% of us actively bypass security in order to do our jobs. 45% of us buy our own IT equipment, and for two thirds of those that do, security isn't a big part of the purchase decision.
Plus, when we do click on those dangerous links, 70% of us don't report it to IT.
We're too afraid of the consequences.
Or we just don't want to deal with the hassle.
"As IT continues to grow in complexity, security support is becoming unmanageable," says Ian Pratt, who leads security for personal computers at HP and just released the results of a massive survey of 8,443 office workers on cybersecurity in the work-from-home age. "We need a new security architecture."
We need a security architecture because we have a new threat envelope. Thanks to our Covid-fueled work-from-home business culture, the cell membranes of our massively distributed enterprises don't really exist anymore: work happens anywhere, and secure data lives everywhere. To make matters worse, hacking and cracking have changed from an individual activity by a few maladjusted computer hackers to the work of entire teams or even countries. The result is 29,207 confirmed security incidents in Verizon's 2021 DBIR already.
In fact, hacker collectives have essentially formed companies.
"Ransomware as a service absolutely is a booming business," HP chief information security officer Joanna Burkey told me in the TechFirst podcast. "10 years ago it took a lot more skill to craft a successful attack and now can easily be purchased."
But she still sleeps at night.
And so does Siemens USA chief information security officer Kurt John.
"Not all hope is lost," says John. "I think there's some things that we can do."
One of the actions CISOs and IT teams can take is endpoint detection: monitoring printers, laptops, phones, and other tech. Another, Burkey says, is containerization: a way of bundling code with all its dependencies and requirements in an isolatable component, which limits infection of other systems if it gets compromised. Plus there's a new focus on identity, along with multi-factor authentication and zero-trust systems, so that important corporate systems always know who is requesting access and what permissions and privileges they should have. And there are anomaly detection systems, particularly those using AI, to identify and investigate potential issues.
Another cybersecurity key? Planning to fail.
Or, at least, planning for what to do when systems get breached.
"What you want to do is fail as quickly as you can so that you can recover as quickly as you can," says John. "That's part of being cyber resilient ... you hope you don't and you plan that you don't, but what you do is you orchestrate your ecosystem so that if you do get impacted, you have the ability to recover as quickly as possible. And once your organization is in that place, I think you'll be able to sleep a little bit better at night."
That's fairly amazing when you understand that the average enterprise of over 1,000 employees gets 4,230 alerts in its security operations center (SOC) every single day, with a quarter getting between 5,000 and 10,000.
The work-from-home change isn't going away, so the technology landscape isn't going to get simpler.
And while that brings challenges, it's also a good thing, says John.
"We need a cultural change and the organization needs to ... acknowledge what the human condition is," he says. "It's not just home or office, it's office after just coming out of college because I'm excited to meet new people and learn new things. It's home, because I just got a family, I have a newborn and I need to help out at home. It's the office again, because I just got married and have a newborn and I need adult interaction ... if we recognize that the human condition requires us to be in different places at different times, I think ultimately our business strategy, or IT strategy, or cyber strategy would adjust."
That sounds pretty much like the real world.
And one that cybersecurity tools and professionals need to be able to support, if they're going to be effective for a distributed workforce.