Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

Can a Couple of Inches of Snow Change the Way We View Security?

On Tuesday, a rare weather phenomenon mixed with poor planning and an overdependence on cars conspired to create a perfect storm ~ CNN

On Tuesday, a rare weather phenomenon mixed with poor planning and an overdependence on cars conspired to create a perfect storm ~ CNN

Last week I spent the better part of an hour talking with my brother-in-law about his 22 hour ordeal of being stuck on an Atlanta highway in complete gridlock. As a native New Englander, it is practically inconceivable to me that just a couple of inches of snow and ice could have such a dramatic effect on a major metropolitan area. But that is exactly what happened. The city was brought to its knees and commuters, students, and anyone unlucky enough to be on the road found themselves in an event that reads more like the script from a bad TV movie.

Didn’t they know this was coming, I asked? “Yeah,” he replied, “They knew it was coming, but by the time they reacted and got the salt trucks on the road it was too late.” As I hung up the phone I was still trying to reconcile how you could be aware of a major event taking place, and yet still be powerless to do anything about it. And only in the South would two inches of snow qualify as major, but that’s beside the point.

Predictive Security IntelligenceA side effect of having spent more than 20 years in the security space is that you start viewing everything through the lens of security and how it compares to the way we do things in the security world. So the more I thought about the Atlanta example, the clearer it became that the predictive argument that we’ve been making for the past couple of years is only part of the equation. While predictive remains a critical component of any competent security program, the question remains, what are you going to do with this information? When you think about it, the folks down in Atlanta who have responsibility for maintaining the roadways had some pretty strong predictive data, but failed to be proactive and do anything with it, leading to a commuting disaster of historical proportions.

Predictive security narrows the scope considerably and helps IT and security pros zero-in on the most likely vulnerabilities and areas most-at-risk due to the sensitive nature of the data they hold. However, this information alone is not enough to counter the threats that are out there. As we saw in our Atlanta example, information only holds value if you put it into action. So while predictive security is the first step, proactive security is the direction in which we need to be viewing our security efforts.

In the world of security, hackers have always, and will always, be one step ahead of those trying to thwart their efforts. So when solid intelligence becomes available, it is incumbent upon the security teams to take this information and act upon it. Sitting back and waiting to see if the data “checks out” is akin to keeping the sanders and the plows in the garage while the traffic piles up on the interstate.

Intelligence in the world of cyber security has a shelf life, as conditions and variables can change very quickly. Failure to act upon solid information can lead to missteps, or in the case of cyber security, a significant breach and all the associated costs that follow.

I’ve written extensively on the value of taking a predictive approach to security and I still believe that it is a critical step in creating an effective security program. But now I’m ratcheting that up a notch and laying down the challenge to both my development teams and to my peers in the industry to not only seek out the important data that will make them successful, but to act upon it in a timely way.

Back to Atlanta, it’s easy to lay fault at the feet of those charged with maintaining the roads and they absolutely deserve a good amount of criticism for failing to act on the data they had. But let’s take it a step further and think like a security professional. People living in the area had access to the data from the weather services; they understand they live in a city where this weather is unusual and that they are not well prepared to handle situations such as this. A proactive approach for them could have been working from home that day, putting off non-essential errands, etc. This would have significantly reduced traffic volume and helped to alleviate at least some of the day’s commuting issue. Taking ownership and proactively acting upon solid predictive data can help you avoid a lot of headaches, and traffic, down the road.

Advertisement. Scroll to continue reading.
Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...