Speaking at the sixth CSIT World Cyber Security Technology Research Summit in Belfast Michael Brown, VP & General Manager of RSA Public Sector, said that as cybercrime becomes more prevalent and hackers become more advanced, the industry is now faced with the reality that taller walls will not solve our security problems.
Instead, Brown put forward three key priorities that should be tackled to deal with the changing scale of today’s modern security threats and address customer needs.
Firstly, Brown explained that organizations have to operationalize cybersecurity. He said “We must fix the disconnect between cyber-policies and operational execution” on a day-to-day basis.
Brown explained the biggest weaknesses companies in both the private and public sectors experience is the “lack of their ability to measure, assess and mitigate cybersecurity risk,” which makes it almost impossible to prioritize security activity and investment.
Secondly, there is an imperative need for visibility, and companies must adopt a deep skill of truth which implements “visibility everywhere at scale” from the endpoints to the cloud.
“We need true visibility into our enterprise environments,” Brown continued. “You simply can’t do security today without the visibility of both continuous, full-packet capture and endpoint compromise assessment.”
He said that technology alone doesn’t solve this visibility issue, arguing companies have to face a “mindset problem”.
“Some organizations don’t even want to know what is going on in their networks,” he added.
“If we do not know what is going on with our network, sooner than we think the day will come when we will not be able to effectively rely on the integrity of our data.”
Lastly, security professionals have to recognize and address an expanding attack surface and the risks to the Internet of Things.
“Today the attack surface has expanded tremendously,” he said. “It includes data within a cloud provider’s environment – everything from phones, to tablets, to watches and ID badges, the list goes on.”
Brown alluded to the fact that IT enabled drones and vehicles are just on the horizon, suggesting even the “CEO’s wine cooler” is now a threat vector.
“We have to recognize that innovations in robotics and artificial intelligence far outpace our ability to secure those environments.”
To conclude, Brown warned companies against assuming that financial gains are the only, or even the biggest, driver of cybercrime. Instead, they should focus on assessing how they can best implement the above mentioned priorities to build stronger security infrastructures.