IBM Security’s global executive security advisor recommends looking at the past to shape the future of the cybersecurity industry.
In a presentation titled ‘Avoiding Cybersecurity Groundhog Day’, Diana Kelley, global executive security advisor at IBM Security, called for the cybersecurity industry to start looking at the past to stop making the same mistakes.
“Every time there is another breach, it kind of feels like groundhog day. We need to get out of that repetition”, she said.
Whilst she acknowledged that perfect security is not possible, she insisted that the industry can stop making the same mistakes. “We get collective amnesia and we forget the past. We’re in a level of immaturity.”
Part of the industry’s downfall is that it tries to reinvent the wheel every time a new technology comes along, which, Kelley said, is often unnecessary and counter-productive.
“As we build new systems and new solutions, think about whether you’ve remembered the lessons of the past – have you built security in?”
Threat models need to evolve at the same pace as technology, insisted IBM Security’s Kelley. “We need to understand how the attackers are carrying out their attacks now. They collaborate with each other, so we [the cybersecurity industry] need to do that too.”
Kelley countered that whilst attackers are increasingly sophisticated, they are not always using new methods. “They often rely on old techniques, old attacks. An attacker doesn’t care whether it’s a new or old vulnerability – they just care that it works.” She pointed to ransomware as an example. “After the last few high-profile attacks, we can see the old techniques that worked well.” Old techniques for defense need to be in place to offer protection, she said. “Patch, segment your networks, back up your data and educate your users.”
Adopting basic cyber-hygiene protection will “help to avoid cyber groundhog day”, said Kelley.
What has changed in the last few years, she added, is that attackers have “learnt to take huge amounts of data and work out whether it’s valuable or able to be monetized later. This should change our threat model – it’s no longer about just protecting the crown jewels, but the massive data sets that attackers are taking.”
In conclusion, Kelley listed a number of essentials that need to be practiced in order to avoid cyber groundhog day:
- Instrument your environment with effective detection
- Have a patching solution that covers your entire infrastructure
- Maintain identity governance to audit and enforce access rules and permissions
- Maintain a current and accurate asset inventory
- Keep up with threat intelligence
- Implement mitigating controls
- Create and practice a broad incident response plan