Content

2018: The year of the cyberdefender?

Share

Are we, as defenders, as a community and as an industry, so outmatched by our adversaries? Or perhaps we are approaching cybersecurity with the wrong mindset? There's no doubt that as we kick off the new year, the bad guys will continue to rapidly adapt skills and techniques to achieve their goals with the greatest impact. And that we, the defenders, will continue to face challenges as we try our damndest to protect our organizations.

A big part of my role as Chief Security Officer at Cybereason is to be an active listener. Much of the conversation and year-end predictions I hear around this time tend to be bleak and cynical. But, this year, I must disagree. There has to be a better way. After spending the last several months meeting with security practitioners, I feel a wind of change. The odds are finally shifting in favor of the good guys and gals. It's super optimistic, I know, but I have my reasoning.

The traditional approach to security has been like the little Dutch boy who attempts to plug the holes in the dyke with his finger while on his way to school. We assume that if we act quickly and in time, even with our limited strength and resources, we can avert disasters. But, there's a misalignment between business strategy, risk, and cybersecurity that has fundamentally rigged the system against a sustainable approach to managing our attack surface. Technology has so permeated our existence that both risk and opportunity can't be reasonably factored without considering the multifaceted nature of “cyber.” And organizations are finally realizing that cyber/information security encompasses much more than buying antivirus solutions, building a bigger wall, and playing whack-a-mole the hacker edition. It's about a mindset shift.

If cybersecurity wasn't already a board-level topic of discussion, damaging attacks like NotPetya undoubtedly made it one in 2017. During earnings calls, C-suite executives from global corporations discussed how NotPetya impacted quarterly and yearly revenue. While losing money is never something to celebrate, attacks like NotPetya made the importance of effective cybersecurity a board-level topic once and for all. C-level executives are increasingly involved in discussions that used to take place solely in the IT security departments. With this level of involvement, we may finally see a commitment to gain the upper hand against the adversary.

In 2018, companies around the world will truly get aboard the cybersecurity train because of the General Data Protection Regulation (GDPR), the new EU regulation governing how businesses protect the data and privacy of EU citizens. While the GDPR is an EU measure, its implications are global. All companies must comply with the GDPR if they handle the data of EU citizens. Noncompliance will result in major fines against a company, a situation that any business wants to avoid. Complying with the GDPR forces them to plan to comply with it, making cybersecurity an issue for the entire C-suite.

Over the last year, organizations have made small, but meaningful strides around reducing the number of days to identify and contain a breach, according to the Ponemon Institute's 2017 Cost of Data Breach study. In 2017, organizations took an average of approximately 191 days to identify a breach, down from 201 in 2016. Meanwhile, containing a data breach took 66 days, compared to 70 days. I want to believe that this trend will bring us to a tipping point where prevention, detection and response will improve to dramatically shorten this gap.

Every year seems to be “the year of” something in cybersecurity, whether it's “the year of the ransomware reign” or “the year of the retail hack.” I'm predicting that 2018 will be the Year of the Defender. I encourage you, my fellow security leaders and practitioners, to partner with other functions in your organization to toe the line and help everyone adopt a security mindset. Like all predictions, the weeks ahead will determine their accuracy. But whatever the new year holds, here's hoping that defenders are truly empowered in 2018.
Sam Curry

Sam Curry is CSO at Cybereason and is a Visiting Fellow at the National Security Institute. Previously, Sam was CTO and CISO for Arbor Networks (NetScout) and was CSO and SVP R&D at MicroStrategy in addition to holding senior security roles at McAfee and CA. He spent 7 years at RSA, the Security Division of EMC as Chief Technologist and SVP of Product. Sam also has over 20 patents in security from his time as a security architect, has been a leader in two successful startups and is a board member of the Cybersecurity Coalition, of SSH Communications and of Sequitur Labs.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.