SecurityWeek

Management & Strategy

Cyber Insecurity: Can We Take Up Arms Against a Sea of Troubles?

Fears around IT Security

“Whether ’tis Nobler in the mind to suffer The Slings and Arrows of outrageous Fortune, Or to take Arms against a Sea of troubles, And by opposing end them” – Shakespeare, Hamlet, Act III, Scene I

Insecurity of any type stems from a common psychological cause — fear. Fear is generally a reaction to something immediate that threatens your security or safety, triggering a sense of dread, alerting you to the possibility that your physical self might be harmed, which in turn motivates you to protect yourself.

This negative emotion is amplified by an inability to take action, to impose action that removes or prevents fear itself.  Fear itself can harm one’s judgment and prevent teams from taking action.

There is a parallel in today’s overheated information security environment. The breach-a-minute pounding corporate and information technology professionals face every day can make many of us feel like Hamlet: fearful, paralyzed, not sure what the best course of action is. The overwhelming number of reports detailing the scale and scope of breaches, the enormous troves of confidential and national security information, and the speed and sophistication of shadowy enemies is enough to make you want to put the pillow over your head and not get out of bed in the morning. Indeed, more and more money has been spent on perimeter and mobile security, yet companies believe they are less secure.

Taking a directed course of action can not only strengthen a company’s cyber defenses, it can also re-establish confidence in IT systems overall.  It is important to have a strong focus on the data center, where the crown jewels of information assets are stored and under attack by cyber Willie Suttons.  As I outlined in a prior column, IT teams must move to incorporate new security measures beyond the traditional approaches.

To help build both effectiveness and confidence in data center and cloud security, information security must broaden its base to eliminate the gaps and weaker processes. Here are four organization and technology initiatives that can strengthen both security and confidence in the IT and business community.

1. Security must not be run in a silo. While security teams play the most critical role in assessing corporate risk and setting policy, there must be leadership and shared responsibility across various IT functions.  It is critical that other IT functions understand and support security initiatives as early as possible.  Knowledge is power.

2. Security must adapt to today’s continuous delivery model. Businesses need to run fast and have adopted agile, orchestrated methods of application development. If security capabilities can keep up, the entire enterprise can have more confidence. Instead of being seen as a form of inertia to application delivery, security can become a catalyst.

3. Breaches must be found rapidly. Systems must be engineered for constant visibility and notification of policy violations in the case of a breach. This means that IT teams must be presented with specific and actionable intelligence and not an endless row of notifications that they cannot act on in a timely fashion.

4. Containment is as important as discovery.  It is nearly impossible to engineer – or to claim to engineer – a data center security approach that will prevent all forms of breach.  The damage of a breach will be mitigated by the effectiveness of the containment system. The ability to contain a bad actor with a single click should be the goal.

We certainly live in interesting, even dangerous times.  But we can “take up arms against a sea of troubles,” restore confidence in our IT systems, and lower our emotional and actual exposure to cyber insecurity.
