By Tammy Moskites, CIO and CISO, Venafi
Advanced Solutions for Thwarting Sophisticated Cyber Attacks
I think the best way to describe the challenges that need to be met within the cybersecurity industry is to use a health analogy. Just as viruses make humans sick, they too can make computers sick, causing networks to be disrupted or even shut down. To combat this problem, companies have developed anti-virus solutions and a whole new industry was born. This solved the problem for a while, but viruses have evolved into sophisticated malware and Advanced Persistent Threats (APTs) - threats that antivirus and other signature-based technologies simply cannot detect. Hackers have upped their game and now are using the foundation of the Internet and cybersecurity - cryptographic keys and digital certificates - to evade security tools. These keys and certificates run on everything - from IoT devices and mobile phones to the clouds and even airplanes and cars - and we blindly trust them. In our world of sophisticated threats, enterprises need an ever-evolving, intelligent response that protects the network, business and brand.
Powerful Data Security Assures Safer Integration
The most important thing to consider when integrating data across the enterprise is ensuring that data is secure within the network. After doing research and consulting with my peers around the world, I realized that we are truly neglecting the security basics and need to get back to them fast.
1. Take careful inventory of your assets and software - You can’t protect what you don’t know you have.
2. Establish a trusted baseline - This will allow for easy identification when security issues arise.
3. Deploy a strong security foundation - By knowing what you are protecting, you can ensure that you are only using the necessary and effective solutions for your network.
4. Beef up your detection - You need to establish strong processes and procedures in incident response plans, triage-analysis tactics and log monitoring.
By ensuring that you are addressing these basic steps, you will have much higher confidence that the data being shared is secured.
Investing in a Highly Skilled Security Team
Beyond simply implementing the latest and greatest technology tools, I believe that building a team of skilled security professionals is a key to giving enterprises a competitive edge in the security world. There are simply not enough skilled security professionals to meet the need right now. (ISC)²’s latest global workforce study, sponsored by Frost & Sullivan, found the shortage of security professionals will reach 1.5 million within five years. That’s a startling number, and why I believe that employing qualified, skilled IT security professionals - both women and men - is a critical concern if enterprises want to keep ahead of threats.
Regular Testing of Data Enhances Protection
The unknown and the rapidly changing security landscape keep me up at night. With significant data breaches occurring nearly every day, sensitive data is being lost at an astounding rate, adding to the many worries of the modern-day CISO/CIO. Beyond locking down existing data, it’s also critical that an incident response program be put in place that is documented and tested regularly. This won’t stop breaches from occurring, but will allow organizations to react quickly and assure customers that their data is safe and secure.
Cloud and IoT Transforming Business Environment
Cloud and IoT are both major trends that will have a significant impact on the enterprise business environment moving forward. At Venafi, we deal with digital certificates and cryptographic keys - which are the foundation of trust on the internet - and how that security is upheld is a major concern now and will likely remain so in years to come. If cybersecurity is to be improved across industries and throughout government, CIOs and CISOs need to make security a central concern and take steps to secure the foundation of their organization.
Be Updated to Drive Success
With the rise of DevOps and explosion of mobility, the IT world is rapidly evolving, and it’s essential for CISOs and CIOs to continue to develop their craft. It is absolutely critical for someone in my role to not only be aware of all changes within the industry, but to become an expert and knowledgeable resource to better protect the enterprise. I’ve found that constantly meeting with peers and industry experts around the world, attending tradeshows and discussing hot button issues with those in the know, allows me to stay up to date on the latest threats, trends and industry developments.
Evolving Role of IT along with CIO and CISO
All enterprises have felt a shift as we move to a world where everything is now digital and mobile. Incredible amounts of data are now at our fingertips and we are more connected than ever before. The IT industry has rapidly evolved over the years, and data protection is no longer solely an IT issue. Instead, it has become a central business concern and a smart investment. The role of the CIO and CISO must evolve with these rapid changes to ensure that IT professionals are doing everything they can to ensure the massive amounts of data are not exploited by the bad guys.
Higher Priority for Cybersecurity
I think one of the biggest changes for the role of IT in every company is having a voice and a seat on the Board. The IT landscape has changed and today’s CIOs and CISOs grapple with a much wider, deeper, and more complex set of responsibilities - beyond just keeping the bad guys out and deploying security for a more secure business. It is vital that board members understand the importance of cybersecurity and recognize cyber breaches’ potentially catastrophic impact on their organization’s brand, reputation, bottom line, and stock price. CIOs and CISOs need to better promote cybersecurity and help board members understand that cybersecurity should be a top concern for their business.
Embedding Security for Business Agility
My role at Venafi is unique in that I am both the CIO and the CISO. For me, it is hard to separate one from the other. With everything that I do every day, I embed security and controls into what makes sense for Venafi and our customers to ensure business enablement. With my 30 years of IT and security expertise, it was natural for me to take on the role of both CISO and CIO, but today our threat landscape has transformed cybersecurity into a C-suite conversation, so my roles tend to overlap and intermingle.
Doing the Right Things Right!
You must focus on ensuring you’re not only doing the right things, but doing the right things right. In the tech and security industry, it’s very easy to get caught up or lost in the noise, and you will need to rise above the rest and strive for success to maintain your organization’s security. The business of IT and security is all about enablement – but always keep in mind, if your job is business enablement you must accomplish this with collaboration across the business – surround yourself with smart people. Remember – you are not in this alone!!!