
Can a Couple of Inches of Snow Change the Way We View Security?

On Tuesday, a rare weather phenomenon mixed with poor planning and an overdependence on cars conspired to create a perfect storm ~ CNN

Last week I spent the better part of an hour talking with my brother-in-law about his 22-hour ordeal of being stuck on an Atlanta highway in complete gridlock. As a native New Englander, it is practically inconceivable to me that just a couple of inches of snow and ice could have such a dramatic effect on a major metropolitan area. But that is exactly what happened. The city was brought to its knees and commuters, students, and anyone unlucky enough to be on the road found themselves in an event that reads more like the script from a bad TV movie.

Didn’t they know this was coming, I asked? “Yeah,” he replied, “They knew it was coming, but by the time they reacted and got the salt trucks on the road it was too late.” As I hung up the phone I was still trying to reconcile how you could be aware of a major event taking place, and yet still be powerless to do anything about it. And only in the South would two inches of snow qualify as major, but that’s beside the point.

A side effect of having spent more than 20 years in the security space is that you start viewing everything through the lens of security and how it compares to the way we do things in the security world. So the more I thought about the Atlanta example, the clearer it became that the predictive argument that we’ve been making for the past couple of years is only part of the equation. While predictive remains a critical component of any competent security program, the question remains, what are you going to do with this information? When you think about it, the folks down in Atlanta who have responsibility for maintaining the roadways had some pretty strong predictive data, but failed to be proactive and do anything with it, leading to a commuting disaster of historical proportions.

Predictive security narrows the scope considerably and helps IT and security pros zero in on the most likely vulnerabilities and areas most at risk due to the sensitive nature of the data they hold. However, this information alone is not enough to counter the threats that are out there. As we saw in our Atlanta example, information only holds value if you put it into action. So while predictive security is the first step, proactive security is the direction in which we need to be viewing our security efforts.

In the world of security, hackers have always been, and will always be, one step ahead of those trying to thwart their efforts. So when solid intelligence becomes available, it is incumbent upon the security teams to take this information and act upon it. Sitting back and waiting to see if the data “checks out” is akin to keeping the sanders and the plows in the garage while the traffic piles up on the interstate.

Intelligence in the world of cyber security has a shelf life, as conditions and variables can change very quickly. Failure to act upon solid information can lead to missteps, or in the case of cyber security, a significant breach and all the associated costs that follow.

I’ve written extensively on the value of taking a predictive approach to security and I still believe that it is a critical step in creating an effective security program. But now I’m ratcheting that up a notch and laying down the challenge to both my development teams and to my peers in the industry to not only seek out the important data that will make them successful, but to act upon it in a timely way.

Back to Atlanta, it’s easy to lay fault at the feet of those charged with maintaining the roads and they absolutely deserve a good amount of criticism for failing to act on the data they had. But let’s take it a step further and think like a security professional. People living in the area had access to the data from the weather services; they understand they live in a city where this weather is unusual and that they are not well prepared to handle situations such as this. A proactive approach for them could have been working from home that day, putting off non-essential errands, etc. This would have significantly reduced traffic volume and helped to alleviate at least some of the day’s commuting issue. Taking ownership and proactively acting upon solid predictive data can help you avoid a lot of headaches, and traffic, down the road.

Mark Hatton is president and CEO of CORE Security. Prior to joining CORE, Hatton was president of North American operations for Sophos. He has held senior roles with companies ranging from venture capital-backed, early-stage software vendors to a Fortune 500 information technology services and distribution organization. Hatton holds an MBA from Boston University, Massachusetts and a BA Communication from Westfield State College, Massachusetts.