“Security professionals tend to think about the ‘latest and greatest’ and the next big thing, such as how AI will be the next great tool in security. But hackers are beating defenses with basic tradecraft. It’s usually not anywhere near the level of sophistication one might think. The challenge companies face is getting security in place that is useful and helps people do their jobs, but keeps bad user behavior from being a persistent threat. Also, the cybersecurity talent shortage is becoming a real issue – there is no simple answer except greater reliance on security software.”
Security Complications of the IoT
“The IoT is going to continue to be an issue as threats grow in size and scope. Even as people become more aware of security risks, and developers try to work harder to secure connections, in many cases security isn’t a consideration at all, or it’s only added at the end. When a botnet occurs, such as the Reaper botnet, we have no idea how big it is, or the motivations, or what is already affected. Things like smart toys and the next cool, connected thing are making this scenario more complicated.”
Risk Assessment before Advancements
“You can’t have the conversation of what to prioritize until you’ve completed a risk assessment on gaps and openings from an attack vector standpoint. Rather than going after the new, shiny object, companies should focus on the basics of good enterprise credential hygiene and best practices of access controls.”
AI Distractions
“AI has its place in sifting through the data, making sense of all the false positives, and surfacing the real, meaningful alerts so that a human can do something about it. I think AI will be important moving forward, but it can be a distraction. There are other things that probably take precedence that don’t include AI assisting me in my threat intelligence.”
Cloud Growth, Same Security Concerns
“Cloud growth really depends on the type of system that’s in the cloud. Many companies are resistant to put passwords and credentials in the cloud, but many other security necessities with data that is less critical are shifting to the cloud. We have a decent way to go before everything out there is based in the cloud.”
The Future of Work & IT Operations
“We’re going to see an evolution of the “managed security as a service” provider. More companies are looking to outsource how they acquire and manage security solutions, and managed security service providers can help ensure the right tools and technologies are in place to mitigate insider threats, control access and minimize external threat actors.”
[su_box title=”About Sam Elliott” style=”noise” box_color=”#336588″][short_info id=’101975′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.