Cyber adAPT recently attended the Gartner Security & Risk Management Summit during a surprisingly sunny mid-September week in London. The event was bound to be informative, with over 30 vendors exhibiting and a packed agenda of keynote speeches from analysts, enterprises and thought leaders, including an entertaining presentation from high-wire artist and magician Philippe Petit.
During the Summit, we hosted an executive networking lunch attended by security and risk professionals from around the world. The lunch turned into a lively discussion on shared challenges each is facing – from implementing new cybersecurity policies to defending against new attacks. We also attended a few of the stellar Gartner-led presentations and seminars in between meetings with analysts, partners, customers, prospects and peers, which helped us refine how we understand and solve our customers’ most pressing security challenges today and in the future.
Looking back, we were intrigued by some common themes and emerging trends that came up throughout many different conversations at the Summit.
Tom Scholtz of Gartner delivered an inspirational keynote discussing digital humanization and people-centric security, an intriguing insight into a future business philosophy. These principles are well worth investigating, as Gartner presents an alluring picture of fully mobile, flexible technologies with security built in by design, working in harmony with both business objectives and human nature.
These philosophies align well with Cyber adAPT, as it is our view that cybercrime is driven by humans, and it is humans who need to work in a community enabled by technology in order to protect against the adversary. There is a lot of talk around artificial intelligence and automation within security, but when we spoke to people at the Summit who were dealing with the here and now, they told us that overreliance on automation can, and in some cases already has, set them up for failure.
We also frequently heard that employees within an organisation often fight new security implementations, because they feel that these initiatives will inhibit their ability to be efficient in their work. Whether these are deliberate or inadvertent roadblocks, they cause headaches for the security leadership. Sometimes the reluctant adopters are the executive leaders of an organisation, either unable or unwilling to invest in improved security. Likewise, it could be departments implementing shadow/citizen IT, simple circumvention of security policies, or well-meaning or malicious insiders leaking data.
Combine this with the cybercriminals, who are people too, and you can see that this is first a human-to-human issue. Technology and automation can only do so much, but understanding and dealing with people and their motivations is crucial to successful security programs.
BYOD, shadow or citizen IT, cloud, mobile-first organizations and the “gig economy” all combine to create organizations with no perimeter, or, at least, a very fluid one. Time and again we heard how business needs are fundamentally changing the IT structures that security and risk managers are required to protect.
Visitors to our stand were attracted by our mobile-first approach and deep understanding of the mobile ecosystem, as they struggle to deal with the pace of mobile growth and business change. We heard from leading Gartner mobile analysts and security managers that the fast-moving nature of mobile technology means that often the mobile infrastructure at an organization is not fully enterprise-owned, presenting policy conflicts resulting in shadow IT.
When regulation meets these new technology advances, security becomes even more of an issue. With European Data Protection Regulations in force, and in highly regulated industries including finance or healthcare, matching business needs for flexible technology and low costs with the security requirements of secure data and transactions is a real challenge.
The unifying theme at our executive networking lunch was the challenge risk and security managers face in picking up and applying security after a company has made a business or product decision.
We heard a few troubling stories:
Consider the pressure today’s security manager must feel, from relentless technological advancements to the need for board-level buy-in, internal culture change and educating an increasingly nomadic workforce.
IDC claims that US mobile workers will grow from 96.2 million people today to 104 million by 2020. As employment statuses change to reflect the “gig economy” of independent, short-term workers, this presents additional challenges for IT teams – how do you manage people when they aren’t actually “your” people?
When Philippe Petit took to the stage at the end of day two, he focused on the planned and controlled risks he took when undertaking stunts such as the walk between the Twin Towers of the World Trade Center.
This did feel like an appropriate summation of our experiences at the Summit, where IT and security managers are in the position of having to take educated risks on exactly what they support. Business requirements and mobile technologies evolve so quickly that, in combination with cyber threats, they challenge security managers to know just which security tasks or alerts are the ones they need to pay attention to.
One of Cyber adAPT’s customers likened the experience to floating on a raft at sea, surrounded by the fins of circling marine animals. You are well on the way to keeping the raft sailing and your head above water if you can find a technology to help you identify which of those fins belong to man-eating sharks and must be addressed immediately, and w