In the last few years, a decades-old problem has taken on a new name: cyberattacks. This is now in the top five global risks in terms of impact and probability [1]. The reason for this is well-documented: attacks have become far more personalized, leveraging the techniques and tactics first seen in nation-state APT attacks. For cybercriminals, focusing on getting hold of the golden nuggets that make each business uniquely profitable, such as intellectual property, business processes, and data, has a far greater impact than the traditional generic attacks.
Likewise, we are sprinting toward a hyper-connected society, and companies’ dependency on technology in order to function and be profitable is increasing. Concerns around BYOD are being overridden by concerns of the much broader Internet of Things, whether that is wearables, mobile payments or connected cars.
It’s easy to see why this has become a topic that is high on national and global risk registers. There is a growing perception that failure is inevitable, breaches will happen, and attackers will get in. My question is: are we giving in too easily?
Human nature means we make mistakes, but, more importantly, that we learn from them. One of the most significant traits we have is determination. We cannot and should not overly focus on recovery. We must find a better way to prevent the problem in the first place. While we accept that road accidents happen, we don’t focus only on emergency recovery services. Instead we continue to evolve the safety measures to prevent harm and loss of life. As such, a key motivation for my joining Palo Alto Networks was to work for a company that is resolutely focused on innovating solutions to stop cyber incidents from occurring.
So what does the next evolution of preventing successful cyberattacks look like? We can learn a lot from technology’s own evolution. Historically, technology was built with a purpose in mind, but the implementation all too often failed, as it was built by engineers for engineers. Usability has become the key to success – if we cannot intuitively use the technology today, the likelihood is that it will fail.
Over decades we have built a broad spectrum of security components that each solve parts of the problem, some of which, I would challenge, are no longer fit for this purpose, while others still have significant value. However, the major challenge is drawing these pieces of the security puzzle together to detect and block the attack. This is a requirement, as most incidents today leverage multiple components in their lifecycle, and the challenge is being able to piece together the jigsaw puzzle to see the entire picture when so much information is being generated by so many component parts. We have effectively evolved to something so unwieldy and complex that it is unusable: fragmented solutions that create so much noise that we become immobile, and that take too long and use too much processing power to give the complete view, causing the solution to become ineffective.
If we are to be as agile and dynamic as the adversaries we face in cyberspace, we must focus on usability and automation because our most scarce resource is undoubtedly people. Time and efficacy must be key metrics, as should the ability to recognise and gather multiple indicators of modern attacks across the diverse IT ecosystem. It is also necessary to dynamically correlate these against our own and our peers’ intelligence to quickly and accurately stop an incident before harm occurs.
As cars went faster, safety had to evolve. At no point did we give up and simply get more ambulances or insurance; life is too precious. In the same way, the cyber world is becoming increasingly dynamic and precious to society. We should not accept that breaches have to occur, but should strive instead to evolve our capabilities to ensure a safe online experience.
[1] http://widgets.weforum.org/global-risks-2015-interactive/risk-explorer.html#landscape///