Did you know the State of Georgia has more than 115 information security companies that generate over $4.7 billion in annual revenue? Moreover, five of 2016’s Cybersecurity 500 are based in Atlanta, which has been a growing hotbed for security technology and innovation. I was fortunate to attend last week’s sold-out MIT Enterprise Forum Atlanta panel discussion at TechSquare Labs – 2017 Trends in Cybersecurity: Atlanta’s Leading Cybersecurity Founders and CEOs Respond to Global Challenges.
The panel consisted of Mike Cote, President and CEO of SecureWorks; Sanket Patel, CEO of Securolytics; David Thomas, CEO of Evident ID; and Jeff Spence, CEO of NexDefense. The conversation was moderated by Glenn McGonnigle, General Partner at TechOperators. The expert panel discussion covered a range of topics and I’ve summarized the key takeaways below.
I. Cyber Talent Shortage
- The problem is not that there are not enough smart technical people, it’s that there are ‘more bad guys than good guys’.
- The talent shortage is not easily solved; however, a new trend is emerging where security companies are now starting to work together for the first time. Instead of seeing each other purely as competitors, they are now becoming collaborators.
“It’s not a technology problem, it’s a people problem” – Mike Cote via @MIT_EF_ATL Cybersecurity event pic.twitter.com/MLNjPIyoOA
— Christian Devlin (@cdev20) February 10, 2017
II. Evolution of Cyber Threats
- Cyber threats will expand laterally into Internet of Things (IoT) devices. If you think of the evolution of financial transactions, people started working with bank tellers, then ATMs, and now they do most of their banking on their mobile devices.
- Endpoint devices are notoriously insecure (e.g. unpatched, running old OS version.)
- Today, there is a lot of data sitting on vulnerable endpoints that can be hacked, copied, and aggregated.
- These problems will not be solved by public policy and are better addressed by government agencies with the resources to identify and mitigate cyber threats.
Did you know 4.2 billion records were breached last year as compared to 1.1 billion in 2013? The enemy is becoming more sophisticated.
— MIT EF Atlanta (@MIT_EF_ATL) February 10, 2017
III. Internet of Things
- What is different about the IoT landscape is that it is the first rapidly deployed technology that did not originate through major organizations or corporations first. Unlike desktop computers, laptops, and even phones – IoT devices are direct to consumer. Which means:
- No rigor around IoT deployment
- Use default passwords
- Insecure wireless connections
- Easily hacked
- Devices are shared
- No good framework for determining permissions and access for these devices
- Need “Identity of Things” to manage the “internet of things”
- Why do organizations use Mobile Device Management software?
- Because smartphones and tablets exposed gaps in network security
- These devices have exploded the network perimeter, yet companies are still operating under the old mindset.
- Today’s reality is that devices have to protect themselves.
- No rigor around IoT deployment
Alexa is always listening…CEO of @securolytics Sanket Patel warns that your favorite Christmas gift is a #CyberSecurity risk. pic.twitter.com/kUVBrYbiXj
— MIT EF Atlanta (@MIT_EF_ATL) February 10, 2017
IV. Evolution of the Chief Information Security Officer Role (CISO)
- Boards need to understand their responsibilities and the risks
- As Boards mature in their understanding, they are changing and so is the role of the CISO
- CTO role used to include CISO function, the CISO role has been (largely) spun off into an independent role
- CISO owns both physical and cyber security and the standards for CISOs are rising rapidly
- CISO reporting relationship is moving out from under the CIO and reporting directly to the CEO
- CISOs are now responsible for conducting external analysis of security and getting expert opinion
It is a Board of Director’s fiduciary duty to mandate security responsibility throughout their organization. @SecureWorks #CyberSecurity
— MIT EF Atlanta (@MIT_EF_ATL) February 10, 2017
V. Industrial Control Systems (ICS)
- There is a massive convergence of IT devices with Operating Technology (OT), which used to be air gapped. Today, we are connecting these devices to the network usually via wireless.
- One of the reasons that OT devices have not been hacked as much, is that these devices use different protocols that are not as well known.
- Another reason that OT devices are not as much of a target is that it’s very hard to bring down the power grid, which limits any financial gain.
- Security issues in the ICS world generally have less Board visibility than other industries, although that is starting to change.
Fascinating insights & discussions on trends in #CyberSecurity. From 2016 election cyber attacks, AI, ransomware, @Yahoo hack to IoT. pic.twitter.com/sy4RopfZEY
— varada bhat (@varadabhat) February 10, 2017
As the cybersecurity landscape rapidly expands and evolves, company leaders must be the drivers of innovation and the champions of effective cybersecurity practices. Understanding the threat landscape and conducting ongoing cybersecurity training is a key component to preparing your company for the future. Equally as important is developing the correct architecture and infrastructure to manage your organization’s security efficiently and securely. Learn how your organization can Take the Chaos Out of Access Control by joining us for a live webinar on Thursday, February 23, 2017 at 11AM EST. Seats are limited – register TODAY!
Click here to register for Taking the Chaos out of Access Control [webinar]
Photo credit: Twitter
By going to work quickly to solve the most challenging cybersecurity and identity management problems, Idenhaus takes the pain out of securing corporate information and assets for companies that aspire to maximize their potential in this digital age. Contact us today!
