As you’ve probably seen, today marks the beginning of a new era for us here at Fidelis Cybersecurity. We have officially joined the Marlin Equity Partners family and we couldn’t be more thrilled. It’s exciting to have a world-class private equity firm choose to acquire us because of what we have accomplished. But it is even more exciting for us and for our customers that the world-class private equity firm shares our mission of helping organizations fight against today’s advanced threats.
As we enter this new chapter, our Threat Geek mission continues. We will share insights on breaking industry news and trends, as well as lessons we’ve learned from the breaches that we investigate and the threats that we research. We will continue to share with you both our expertise and what we learn from others.
Over the last few weeks, for example, in addition to preparing for this news, we’ve talked with many customers about the security market, the risks they face in their unique industries and organizations, and what they need from their security partners. Between our annual customer advisory board (CAB) meeting and the discussions we had at RSA, we gathered their insights so that we can aggressively address the current needs of the market.
During RSA’s buzzword overload (analytics, analytics, analytics!) and the honest conversations at our CAB meeting, I’d like to share with you some common themes that emerged. They centered on what security IT leaders should be doing to help themselves and their organizations be better prepared to fight the cybersecurity fight:
Don’t Bore the Board – For years, cybersecurity wasn’t on the Board’s priority list. But things have changed due to the deluge of high-profile breaches and the SEC paying closer attention to cybersecurity risk and incident disclosures. The challenge now is a language barrier that exists between Board members and CISOs and security analysts – and the onus is on the latter to communicate in business and risk terms that the Board will understand versus the more familiar tech speak. Boards need to adequately assess a company’s risk and to understand where investment and support is needed to strengthen the company’s security posture and team.
Get a Bigger Hat Rack – Security teams are wearing more corporate hats than ever before. In addition to their every day jobs of protecting the network and critical company data, and standing ready to quickly implement patches when a vulnerability like Heartbleed or FREAK is discovered, they now need to be involved in Board-level risk management discussions and become quasi legal experts.
Notably, security professionals now need to understand the legal environment and how it is evolving in their industry. This includes, for example, an understanding of disclosure and how their emails will be reviewed during litigation that may result from a security incident. One scenario discussed is if a security analyst flags potential malicious activity to his superior that is not pursued further, there could be both legal and liability ramifications if the issue results in a damaging security incident. While security analysts shouldn’t hesitate to flag potential issues, they should know about how those emails could potentially come into play later so they are properly prepared should litigation occur.
Share the Goods – It’s always a sign you work in a collaborative industry when one of the key themes is the importance of information sharing --not only with law enforcement, but also other enterprise security teams and vendors. Even with all the other tasks and responsibilities that reside with security teams, they are taking time out of their day to focus on sharing information for the betterment of all. In my experience, security folks are passionate about what they do and it shows in their commitment to join together to mount a stronger defense against very challenging adversaries.
The security industry is evolving and changing rapidly and our acquisition today is one example of that continued evolution. Stay tuned for more from our Threat Geek team – I’m handing back the mic now so they can continue to bring you the latest on the threats, techniques and trends you need to know about today.