Connect with us

Hi, what are you looking for?


Management & Strategy

Cyber Insecurity: Can We Take Up Arms Against a Sea of Troubles?

Fears around IT Security

“Whether ’tis Nobler in the mind to suffer The Slings and Arrows of outrageous Fortune, Or to take Arms against a Sea of troubles, And by opposing end them” – Shakespeare, Hamlet, Act III, Scene I

Fears around IT Security

“Whether ’tis Nobler in the mind to suffer The Slings and Arrows of outrageous Fortune, Or to take Arms against a Sea of troubles, And by opposing end them” – Shakespeare, Hamlet, Act III, Scene I

Insecurity of any time stems from a common psychological cause — fear.  Fear is generally a reaction to something immediate that threatens your security or safety, triggering a sense of dread, alerting you to the possibility that your physical self might be harmed, which in turn motivates you to protect yourself.

This negative emotion is amplified by an inability to take action, to impose action that removes or prevents fear itself.  Fear itself can harm one’s judgment and prevent teams from taking action.

There is a parallel in today’s overheated information security environment.  The breach-a-minute pounding corporate and information technology professionals face every day can make many of us feel like Hamlet: fearful, paralyzed not sure what is the best course of action to take. The overwhelming number of reports detailing the scape and scope of breaches, the enormous troves of confidential and national security information, and the speed and sophistication of shadowy enemies is enough to make you want to put the pillow over your head and not get out of bed in the morning.  Indeed, more and more money has been spent on perimeter and mobile security, yet companies believe they are less secure.

Taking a directed course of action can not only strengthen a company’s cyber defenses, it can also re-establish confidence in IT systems overall.  It is important to have a strong focus on the data center, where the crown jewels of information assets are stored and under attack by cyber Willie Suttons.  As I outlined in a prior column, IT teams must move to incorporate new security measures beyond the traditional approaches.

To help build both effectiveness and confidence in data center and cloud security information security must broaden its base to eliminate the gaps and weaker processes.  Here are four organization and technology initiatives that can strengthen both security and confidence in the IT and business community.

1. Security must not be run in a silo. While security teams play the most critical role in assessing corporate risk and setting policy, there must be leadership and shared responsibility across various IT functions.  It is critical that other IT functions understand and support security initiatives as early as possible.  Knowledge is power.

Advertisement. Scroll to continue reading.

2. Security must adapt to today continuous delivery model.   Businesses need to run fast and have adopted agile, orchestrated methods of application development.  If security capabilities can keep up, the entire enterprise can have more confidence. Instead of being seen as a form of inertia to application delivery, security can become a catalyst.

3. Breaches must be found rapidly.  Systems must be engineered for constant visibility and notification of policy violations in the case of a breach.  This means that IT teams must be presented with specific and actionable intelligence and not an endless row of notifications that cannot take action on in a timely fashion.

4. Containment is as important as discovery.  It is nearly impossible to engineer – or to claim to engineer – a data center security approach that will prevent all forms of breach.  The damage of a breach will be mitigated by the effectiveness of the containment system. The ability to contain a bad actor with a single click should be the goal.

We certainly live in interesting, even dangerous times.  But we can “take up arms against a sea of troubles,” restore confidence in our IT systems, and lower our emotional and actual exposure to cyber insecurity.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...