Published on July 28th, 2020
Setting the Foundation for a Cyber Resilient Future: Q&A with Peter Schawacker of Blinktag Solutions
We recently sat down with Peter Schawacker, a leading consultant with in-demand expertise in both the business and technical domains of cybersecurity. With over two decades of experience in nearly every aspect of the field, Peter has served as an incident handler, a sales engineer, a product manager, a technology evangelist, and a senior business executive. He's also spent time in the infosec trenches, with hands-on experience as a security operations center (SOC) analyst.
In Peter's consulting practice, he's helped build SOCs, professional services delivery teams, and managed security service businesses. His wide-ranging experiences give him a unique bird's eye view of today's cybersecurity landscape. He shared his perspective on current events with us during an in-depth interview.
Q: What's your assessment of the state of cybersecurity today? What's it like out there right now?
It's foggy. It's really hard to tell how things look. The usual measures and standards that we employ to understand threats and assess what's going on in the world just don't seem to apply anymore. So everybody's trying to figure out how to recalibrate, to find measures that can tell them what's going on. At the same time, everybody's trying to figure out where they need to be: in terms of their offensive position, their defensive position, finding out where growth is going to occur, and understanding what's not going to come back in the near future. Planning today is really hard. As a result, "short-term everything" is where security is at right now.
Another thing that people are trying to figure out is what they're not seeing. Everyone's aware that there are a lot of unknowns, but nobody knows what's coming next. We say we're "mid-pandemic," but this assumes that we're not actually still really early in the process. It also assumes that there isn't another one coming. I won't even get started on the murder hornets.
Q: How is the threat landscape? Are more attacks happening?
It's impossible to be certain, but we're pretty sure that attacks are way up. There's a lag between the time when the data is gathered in studies and when the results are published, so we don't yet know for sure, and won't for at least three months from now. Most of the data that we've got is still from last year.
But we do know that attackers are well aware of the challenges that businesses face, and the ways that IT is changing. We also know that anyone who was in IT security and lost their job (the so-called "good guys") is susceptible to recruitment by the "bad guys." We saw this phenomenon at the end of the Cold War, where former academic computer scientists or high-level employees in IT in the former Soviet Union found themselves out of work. They needed to eat, so they'd turn to working for organized crime. I think that advanced persistent threat (APT) actors are recruiting heavily right now. So they'll have a lot more manpower, and that's enough to explain an increase in incidents.
I don't think there are necessarily more vulnerabilities. But it is the case that during the first month of the pandemic, it became more dangerous than usual to patch end user systems, and specifically desktops. If something broke during the patching process, there was no field service. And it wasn't easy to obtain a replacement for the device. As a result, people were waiting longer to apply patches.
Q: How are CISOs handling this new and unpredictable world?
It's different at different companies. Some got rid of internal staff, and are now trying to cope without having certain functions, like a SOC. They may be turning to project-based staffing or having to think about how to outsource. When it comes to partnering with external service providers, CISOs are looking for enhanced effectiveness and real value.
The move to remote work is in a cleanup phase now. That's going to persist for some time, and I don't know if it'll ever really end. "Business as usual" has always included cleanup. But the type of threat management that's necessary will change over time.
CISOs are also thinking about how to make work-from-home more successful and how to create social cohesion for their remote teams. Because stress levels are so high right now (and will continue to be, on an ongoing basis), that social cohesion is exceptionally important. A good SOC team will bind together and manage itself if you let it.
Everybody's had to cut costs. Sometimes this can lead to more efficiency. It can lead to a tendency to value quality over quantity, as well as a desire to be more conservative. There's more interest in investing in automation, which has become a more conservative approach than staffing. It used to be that if you were employing automation, you were a risk-taker. Now, it's the other way around.
Q: What advice do you have for security leaders as they navigate the challenges that 2020 is bringing?
There's a lot of uncertainty, so there are no absolute answers. But there are good ideas.
One good idea is to recognize that when you're forced to live through a crisis, you might as well exploit the advantages that it brings. We've already paid the price for change. Normally, a leader decides that a change must be made, in order to derive some benefit, and then commits to the pain and risk that the change will bring. Covid, the civil unrest that arose in the wake of George Floyd's murder, and all the rest: that's the pain, upfront. So you can use that disruption and the adjustments to people's thinking that it's causing to make the changes that you need to make. You've already paid the bill, so don't walk away from the table. That's the most important recommendation I would make.
CISOs can use the current drive for cost-cutting to dump software that they don't need. If you have software that you're not using, you have unnecessary vulnerabilities that someone could attack. Make this time into an opportunity to get rid of those.
Another important idea is to take a good hard look at insider threats, especially from former employees. Make sure that access revocation is being handled in a timely manner. Many organizations struggle to keep track of who has access to what. In today's climate, there are sure to be more cases of former employees wanting to walk out the door with a box of data to use elsewhere.
I'd also suggest that security leaders pay close attention to threat intelligence. The best sources, unfortunately, aren't the open source or free ones. Besides the fact that criminal organizations are actively recruiting right now, hacktivism is back.
Finally, when it comes to outsourcing, managed detection and response (MDR) services are more effective and deliver more value than the old managed security service model. In the old model, the service provider would find alerts and send them over to the customer, and the customer was then tasked with figuring out what they meant, whether or not they were bad, and how to handle them. Then they had to provide feedback, usually through a ticketing system or via email. In MDR, there's an ongoing partnership between the customer's security team and the service provider. A dialogue takes place that's highly collaborative, and this continuous dialogue enables situational awareness.
Few companies can keep incident handlers on staff, so it makes sense to outsource this function to someone who specializes in it, and is practicing this sort of work every day. You'll get a higher quality of service if you do.
Q: Is there anything else that CISOs should be paying attention to right now?
It's vital that they think about the effects of stress on their teams. Security is like exercise. If you rest between sets, and you schedule recovery days into your workout program, you'll get stronger, faster and healthier. But if you spend your whole life in the gym, it'll negatively impact your performance. You'll end up sick, and weaker than ever. Because your body and mind will be flooded with cortisol all the time. And that's what we're seeing right now in SOCs.
We make small decisions all the time, and stress makes it harder to make good decisions. Bad decisions beget more stress, which makes it harder to make additional decisions. It's a vicious cycle, and the problems just compound themselves.
If you assume that cyberattacks have increased by two- or even threefold, then teams are being asked to do two or three times as much work, in some cases using approaches that they're not accustomed to, at the same time their capacities are diminished due to stress. At the same time, companies are conducting layoffs, so teams are smaller. It's a really bad situation, and it'll be a long time before we bounce back all the way.
One of the few potential solutions is automation: you've got to remove the little decisions that crowd people's thinking. That makes it easier for them to be effective.
I'd also like to see researchers study the effects of stress on employees below the CISO level. Everyone's contribution matters to the business, and how their jobs affect people needs to be taken seriously.
Q: What's coming next? Is there any light at the end of the tunnel?
It's become a cliché to say that we're living in historic times, but the reality is that there's a convergence of seismic events, the likes of which we don't usually see in this country. When these kinds of things come together, it can be catalytic.
Look at what's happening right now with COVID-19. The states that are doing well are the ones that have focused on data. If you pay attention to the most reliable and meaningful metrics, you can begin to think about re-opening the economy and enabling access to all sorts of things.
There's a strong parallel with cybersecurity. If you have reliable and meaningful metrics, you don't have to spend all your time thinking about the scope of the problem and how you are going to solve it. Instead you can concentrate on attack surface reduction.
And people's attitudes towards all manner of things are changing for the better. The public has a much better understanding of the value and importance of data. When did you ever see people obsessing over predictive models before? There's more interest in science and scientific thinking now.
I think the pandemic overall has given people a much better sense of what's important in life. It's possible to understand this in scientific and objective terms, but also in human ones. But I believe that over the long term this can contribute to positive social and political change.
The post Setting the Foundation for a Cyber Resilient Future: Q&A with Peter Schawacker of Blinktag Solutions appeared first on Respond Software.
*** This is a Security Bloggers Network syndicated blog from Blog - Respond Software authored by Carmen Harris. Read the original post at: https://respond-software.com/peter-schawacker-qa/