Mike Potts, CEO of Lancope (www.lancope.com), published a blog post reflecting on the recent RSA Conference and how, while once the domain of IT security specialists, cybersecurity is now becoming familiar terrain to C-level execs. Far from being a solely a technical concern, Mike explains that “cybersecurity is finally being recognized as a business discipline that directly impacts an organization’s business goals, which is causing the C-Suite to sit up and listen.”
Another RSA conference is behind us, and as always, we overheard security professionals speaking their own language using terms like “APTs“ and “zero-day threats.” While these words and numerous other terms sound like jargon, they represent important cybersecurity concepts that have typically flown over the collective head of C-Suite executives and board members — until today. At this year’s RSA conference, I noticed that cybersecurity is finally being recognized as a business discipline that directly impacts an organization’s business goals, which is causing the C-Suite to sit up and listen.
The string of damaging data breaches suffered by high-profile companies like Target, Sony Pictures, Home Depot and JP Morgan Chase have helped to elevate the issue of cybersecurity to the C-Suite and board levels. While the mechanics of identifying and remediating attacks may reside with the IT team, cybersecurity has become a company-wide effort that the leadership team must oversee.
With cybersecurity cast in this new light, CEOs need to consider three crucial questions: what must be done to provide security administrators with network visibility to manage both the internal and external security threat, what is the company’s incident response plan, and what will be done to minimize the damage done by the inevitable attack? And, in fact, many Fortune 500 enterprises are forming board cybersecurity subcommittees to answer these questions, translating the cybersecurity discussion into business terms that directors and the C-Suite can digest and act upon.
Another observation I had at RSA is that the cybersecurity discussion is changing. No longer are we talking about if we’ll be attacked and even when we will be attacked. Today, we know that it is very likely that the bad guys are already inside the network.
To complicate matters, we’re on the leading edge of the Internet of Things trend. An increasing number of machines, encompassing everything from printers to refrigerators to heart monitors in hospitals, have their own unique IP address and can communicate with one another. This creates a new set of cybersecurity vulnerabilities that will affect virtually every industry.
Welcome to Security 2.0.
In the world of Security 2.0, attackers have become increasingly sophisticated and are capable of bypassing traditional network perimeter security defenses; in fact, the threat of an insider attack is actually a bit higher — about 51 percent — than that from an outsider. That is why having a real-time view inside the network is so critical. I’m not suggesting that organizations abandon perimeter defenses altogether. But at the same time, companies and government entities alike cannot rely on perimeter defense tools alone and expect to adequately secure their networks. Outside attackers can too easily break through, and of course, it’s just as easy for the inside threat actor to open the door and walk out.
Insider threats, network visibility, device classification, Internet of Things…I realize that for a CEO this post may start to fall under the heading of “cybersecurity jargon I don’t need to understand.” So let me revisit the three questions I mentioned earlier and provide some context. These are questions that you, and hopefully the new director of your board’s cybersecurity subcommittee, should be asking your security administrator:
- Do you have visibility into activity going on across our entire network? This is a necessity in a Security 2.0 world, and your budget should focus on implementing technologies that provide this internal visibility as well as hardening the security perimeter around the network.
- What is our incident response plan? This is the company’s response plan, not just an IT plan. How are employees trained to recognize suspicious external and internal activities and report those activities? How will you work with your marketing and legal teams to communicate the incident to employees and to the public? These just a few of the questions that must be addressed in a comprehensive incident response plan.
- What is our remediation process? It is naive to expect an attacker will not penetrate the defenses on your network. If the attacker tries 100 times and only succeeds once, he wins. With this in mind, cybersecurity best practices must also include how to quickly remediate an attack to minimize the damage, both in terms of compromised assets and damage to your company’s reputation.
Many companies that suffer a data breach don’t realize the damage has been done until a third party such as the Department of Justice or a bank alerts them. This is a clear signal that the era of Security 1.0, which had companies devoting their budgets to blocking outside threats from getting in, is over. We’re now in the era of Security 2.0 where the attacks are more sophisticated, the insider threat is very real, and the term “connected devices” applies to an ever-growing variety of machines that are connected to our networks. It is also an era when the C-Suite and the board of directors are finally giving information security the attention it requires in order to maintain the company’s security posture while also recognizing its importance as part of the overall business plan.
By Mike Potts, CEO of Lancope
Lancope, Inc. is a leading provider of network visibility and security intelligence to defend enterprises against today’s top threats. By collecting and analyzing NetFlow, IPFIX and other types of flow data, Lancope’s StealthWatch® System helps organizations quickly detect a wide range of attacks from APTs and DDoS to zero-day malware and insider threats. Through pervasive insight across distributed networks, including mobile, identity and application awareness, Lancope accelerates incident response, improves forensic investigations and reduces enterprise risk. Lancope’s security capabilities are continuously enhanced with threat intelligence from the StealthWatch Labs research team. For more information, visit www.lancope.com.