Over the last several months we had the opportunity to engage in many conversations with both customers and IT security leaders about the events happening in the security market. Cyber warfare took on new meaning in 2015 and left lethal destruction in its path. As we wind down and head into the New Year, here are my key observations of the state of cybersecurity and what’s to come. I invite you to comment and share your point of view for an engaging discussion.
- CISO as Lead Commander. The role of the CISO has evolved from that of a technologist, focused on the security hygiene of the company, to a critical member of the leadership team. The characteristics that define a world-class CISO are much different today than a couple of years ago. Today’s CISO must not only be a savvy business leader and a great communicator, but also be highly adept at planning and leveraging the organization’s assets to protect their company because – as we saw with Target – failure can cost them their job. They also need to be “ready for the inevitable.” We saw more CISOs implementing a practiced, second-to-none incident response and communications strategy that is integral to handling breaches. CISOs also transformed themselves into better communicators. They now spend 50 percent of their time advising the board and cross-functional departments on the company’s security posture. This positive trend ensures key C-level executives and boards have the expertise to take appropriate actions in recovering from attacks and building solid security operations.
- Prepare to Do Battle. The attack surface continues to evolve – and that evolution is escalating due to the huge growth in cloud, mobility, virtualization and IoT devices. This dramatic change in the attack surface is making it more difficult for companies to prevent their networks and endpoints from being compromised and to protect their data from unknown adversaries. If an attacker wants in, they will get in. What’s important to keep in mind is that the APT is a “who,” not a “what,” and organizations need to be prepared for battle. They need to prevent information theft as well as respond to and remediate breaches quickly. As a result, we’re seeing more organizations shift from spending their security dollars on prevention technologies to investing in early detection and rapid response tools. This trend will continue to accelerate in 2016.
- Innovation, Automation, Collaboration. Three themes that I keep hearing from customers are that they want best-in-class security, want to reduce the number of security vendors and want talented security professionals (in high demand and short supply). The answer lies in adopting integrated and automated solutions that enable security teams to become better, smarter and more efficient at what they do. It also means deeper collaboration with security vendors and consulting services toward achieving common goals and battling adversaries.
- Encryption Conundrum. As the recent terrorist attacks have sparked fresh debate about the risks of encrypted communications, the issues around encryption will remain at the forefront. More and more traffic is being encrypted to protect data and people’s privacy, but there are risks associated with it. Encryption creates blind spots in network defenses that adversaries use to launch exploits and exfiltrate important data. Policies may change in how we deal with encrypted mobile, voice and data traffic, but until that happens, it’s imperative that organizations seek to implement solutions that detect and respond to hidden threats in encrypted traffic.
In 2015, as we saw attacks escalate and nation states and terrorist groups on the rise, the security industry stepped up its game, yet much work needs to be done in executing a unified threat defense mentality and strategy. We’ll discuss more on this topic in future blogs and share how we’re innovating, integrating, automating and empowering security operations.