By Colin Black, CIO, CrowdStrike
Cybersecurity remains one of the biggest challenges technology leaders face today. The saying used to be that modern businesses rely on people, processes, and technology. In 2016 and beyond, it will take people, process, technology, and intelligence to protect your business, IP, and tradecraft. Global economic developments and geopolitical events are a growing force behind today’s cyber attacks. Just because something is happening thousands of miles away, don’t think that it won’t wash up at your doorstep in the form of some kind of cyber attack. Having actionable intelligence about WHY someone might be targeting your business is critical for helping CIOs make more informed decisions about resource allocation to protect their networks.
Security breaches have become the new normal across industries and organizations of all sizes. Cyber risk mitigation starts with anticipating and detecting potential threats, and being prepared to defend against new tactics, techniques, and procedures (TTPs). Emerging intrusion trends require a new approach to proactive defense that includes active real-time hunting and detection, prevention, and investigation capabilities that are geared to defend against increasingly stealthy attacks. These technical capabilities and solutions are critical for making today’s enterprise successful.
Business and technology leaders who do not prepare their organizations will lose ground to competitors as they will constantly be in reactive mode to remediate network incursions, have their trade secrets siphoned through cyber espionage, and lose customer trust.
Essential Components for Effective Cybersecurity
The dramatically increased persistence and sophistication of attackers call for a radical shift in how businesses protect themselves. Endpoints are usually at the frontline of cyber intrusions on enterprise networks, making everyone a cybersecurity practitioner, whether you are in IT, HR, Marketing, Finance, Legal, etc. Everyone in a company is at the endpoint. The recent trends of remote work, bring-your-own-device (BYOD), and Internet of Things (IoT) create an environment in which endpoints are even more challenging to protect than before. Unfortunately, the first line of defense used on laptops, workstations, and servers is typically outdated solutions that are, by design, one step behind constantly evolving adversary tactics.
There are two main vectors of success when it comes to competitive security solutions: The first one is stopping known ‘bads’ and the second is identifying and thwarting unknown threats.
Security solutions that offer real-time visibility into adversary activity on every endpoint device to detect and prevent intrusions before real damage occurs are going to be the future of the industry. The components that make up that type of technology solution are complex, and often involve pretty innovative approaches like machine learning and graph-based technologies. As a result, having a cloud-based model to deliver security is critical for giving businesses the flexibility they need for deploying and updating security solutions on a pace and scale that can keep up with today’s cyber attacks.
Lastly, regardless of how comprehensive the endpoint protection solution is, no single technology can prevent 100 percent of breaches. A motivated and sophisticated adversary will eventually get in. This is why having a strong detection capability and augmenting it with a team of professional hunters—either in-house or third party—can help prevent silent failure.
Proactive Approach to Security Challenges
As a CIO, my role is to continually challenge our team to build a better, faster, and smarter technology portfolio to meet the evolving needs of the business. Being in the security industry and operating at a global level, I help the company move in lockstep with evolving local and international legal and regulatory laws. These types of challenges keep me up at night but they also invigorate me.
That said, you can have all the technology in the world, but if you don’t have the right people in place, if people aren’t trained and using the appropriate cybersecurity procedures, you’re still going to have problems. And I’m not just talking about your IT personnel. Everyone in the company is at the endpoint—marketing, finance, sales, HR, etc. As such, everyone needs to be trained and mindful of proper security behavior. So don’t put all your eggs into the technology basket alone. It’s still a person who, unfortunately, is going to click on that link in an email from someone they thought they knew, or open up that attachment that provides access for a hacker.
Most cybersecurity technologies today rely on Indicators of Compromise (IoCs) to block “known bads.” The challenge is that IoCs go stale fast, which is largely why we have a problem of silent failure in the industry. At CrowdStrike, our solution is fully cloud-based, and instead of IoCs, we focus on Indicators of Attack (IOAs) so that you can take a more proactive approach to security and not be so reactive. IOAs mean you are looking for patterns or the effects of what an adversary is looking to accomplish. There are incredible advantages that the cloud drives for endpoint security, including the ability to keep tabs on and learn from attackers as they test attack strategies, crowdsource threat intelligence, and provide seamless upgrades.
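The contrast between a stale IoC list and a behavior pattern can be shown on a few process-start events. This is an added illustration, not CrowdStrike's detection logic: the events, hash labels, process lists and the single rule (a document application starts a script interpreter, which starts another program) are all constructed assumptions.

```python
# Constructed sample telemetry: process-start events, not real data.
DOC_APPS = {"winword.exe", "excel.exe"}                    # assumed list
INTERPRETERS = {"powershell.exe", "wscript.exe", "cmd.exe"}  # assumed list
KNOWN_BAD_HASHES = {"hash-payload-v1"}  # constructed IoC list (placeholder label)

EVENTS = [
    # Host A: payload whose hash is already on the IoC list.
    {"host": "A", "pid": 10, "ppid": 1, "image": "winword.exe", "sha256": "hash-word"},
    {"host": "A", "pid": 11, "ppid": 10, "image": "powershell.exe", "sha256": "hash-ps"},
    {"host": "A", "pid": 12, "ppid": 11, "image": "update.exe", "sha256": "hash-payload-v1"},
    # Host B: same behavior, rebuilt payload, so the hash is new.
    {"host": "B", "pid": 20, "ppid": 1, "image": "excel.exe", "sha256": "hash-excel"},
    {"host": "B", "pid": 21, "ppid": 20, "image": "wscript.exe", "sha256": "hash-ws"},
    {"host": "B", "pid": 22, "ppid": 21, "image": "report.exe", "sha256": "hash-payload-v2"},
    # Host C: benign admin activity started from the desktop shell.
    {"host": "C", "pid": 30, "ppid": 1, "image": "explorer.exe", "sha256": "hash-explorer"},
    {"host": "C", "pid": 31, "ppid": 30, "image": "powershell.exe", "sha256": "hash-ps"},
    {"host": "C", "pid": 32, "ppid": 31, "image": "backup.exe", "sha256": "hash-backup"},
]

def ioc_hits(events):
    """Hosts where any process hash matches the known-bad list."""
    return sorted({e["host"] for e in events if e["sha256"] in KNOWN_BAD_HASHES})

def ioa_hits(events):
    """Hosts where a document app -> interpreter -> other program chain occurs."""
    by_pid = {(e["host"], e["pid"]): e for e in events}
    hits = set()
    for e in events:
        parent = by_pid.get((e["host"], e["ppid"]))
        grand = by_pid.get((e["host"], parent["ppid"])) if parent else None
        if (parent and grand
                and grand["image"] in DOC_APPS
                and parent["image"] in INTERPRETERS
                and e["image"] not in INTERPRETERS):
            hits.add(e["host"])
    return sorted(hits)

if __name__ == "__main__":
    print("IoC match:", ioc_hits(EVENTS))   # hash list only knows v1
    print("IOA match:", ioa_hits(EVENTS))   # pattern is hash-independent
```

Host B is the silent-failure case: the hash list misses it, while the behavior rule flags it and leaves the benign chain on host C alone.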
Role of IT in Driving Digital Transformations
Technology should not only be a business enabler but also a force multiplier, driving effectiveness, better communication and collaboration. At its core, CrowdStrike’s business is about real-time exchange of information, analysis, and alerts. We need our IT backbone and future strategy to reflect that.
Today, most businesses depend on the CIO to drive digital transformations that enable the organization to do things faster and better through technology. Coming into CrowdStrike, I was fortunate because I was a customer of the CrowdStrike Falcon platform before I joined the company. This enabled me to witness first-hand the value of the technology and how it solves real-world problems. As a result, many of our customers and prospects want to hear from me directly as they consider doing business with us.
What’s unique about the cybersecurity industry is that many CIOs have to educate Boards of Directors (BoDs) or C-level business leaders about the organization’s security challenges and risks. This is a relatively new paradigm shift in the field, which I believe will elevate the role of the CIO even further. At the same time, CIOs need to understand the value and work on their communication skills for translating technology issues into business issues that BoDs can easily grasp and understand.
Future of Cybersecurity and Emerging Technologies
CIOs will continue to play an important role in security decisions. Many of my peers are actively engaged in re-architecting their technology strategy to incorporate a security vision that breaks down siloes, protects data seamlessly, and blocks epidemic threats lurking within networks, endpoints, or devices. CIOs working collaboratively with the CSO or CISO can help more effectively prepare all facets of their operations for better security hygiene—processes, technology, and people—to limit exposure to cyber threats.
Don’t be afraid to embrace emerging technologies and take chances on innovative approaches. This will help you push your company ahead of the competition and adapt more easily to next-generation trends. And again, emphasize the ability to speak in business terms to execs and BoDs.