
Why Your Business Must Put “Cybersecurity First”

by wbstadm
October 27, 2021

This is Part 4 in our four-part blog series for Cybersecurity Awareness Month. Read Part 1 | Part 2 | Part 3.

For the longest time, security has been about developing defenses around innovation that has already happened, forcing security to continuously play catch-up — a false strategy that has been exploited by adversaries for years. To discuss this issue and why security first is so important, we got time with CrowdStrike’s executive leaders Mike Sentonas, Chief Technology Officer, and Amol Kulkarni, Chief Product and Engineering Officer.

To start, how did we get here, and what is the biggest challenge for security professionals who are trying to elevate security as a business priority?

Amol: Security is too frequently an afterthought and almost always it is underfunded to the extent that it becomes ineffective very quickly as the threat landscape evolves. We need to get the right attention to the real issues that need to be tackled. Although awareness among company boards has increased recently, it is still too little, too late.

Mike: Agreed, and it won’t be long before the idea of “boardroom issue” becomes a cliché. In the 2021 World Economic Forum Global Risk Report, cyber risk is highlighted as a global risk. Instead of asking “how do we not get breached?” organizations should be asking “how do we address security long term?” From a security perspective, security professionals have not done enough to align security with the rest of the business and get the rest of the business to think of security as a key element enabling their core business operations rather than being another cost.

What has that attitude led to, where are we now, and how has it impacted the perception of security?

Amol: Historically cybersecurity has been implemented as an external control, and the word “control” itself highlights the approach security teams have had to take. Rather than working hand-in-hand with the business to bake in security from the get go, with a joint one-team approach, the external control approach has caused security teams to be seen as adding friction and delaying the time-to-fruition of the business ideas. The other problem has been the quality of legacy security products which were designed to be reactive to new threats and were not sensitive to the overhead on the end user. Due to this, security products became a target of criticism and blame from end users as they blocked people from doing their day-to-day jobs well.

Mike: Many elements of cybersecurity have had some negative trade-offs on user experience or placed an additional mental tax on end users. A good example of bad user experience is legacy AV software that took up significant amounts of system resources, caused painfully long system boot times and often brought entire systems down during intensive scanning. Mental taxes are readily apparent when considering things like proper password hygiene. Policies often required users to remember multiple long and unique strings, and to add insult to injury they would all regularly have to change without reusing any old ones.

So, it is pretty obvious from what you have just said that the shift to a security first/security transformation approach is the right one. What does security transformation mean to you, and how will it change the perception of security?

Mike: I see two key themes in today’s ongoing security transformation. The first is the rapid adoption of working from home. This has necessitated a shift from traditional perimeter security to a more modern cloud-native approach with heavy reliance on identity and Zero Trust to close new gaps. 

The second is the adoption of IT and development practices that integrate security into their design as a core foundational requirement rather than adding it in as an afterthought. Nowhere is this more readily apparent (and valuable) than in the DevSecOps paradigm. 

As we have discussed above, cybersecurity has had a reputation as an inhibitor due to negative trade-offs associated with older technologies and techniques. Today’s security transformation can take advantage of more modern approaches that provide enhanced security benefits without many of the inhibitors. For example, modern Single Sign On (SSO) technology allows for secure access to and seamless management of multiple services without requiring users to remember unique passwords for each.

Amol: My opinion is similar to Mike’s. It is thinking about and baking in security from the start of every business initiative. It is using security platforms that are designed to be proactive to stop breaches and which don’t drown the SOC in false positives or cripple end users with too much overhead. They should be so efficient as to be practically invisible to the end user and should show actionable alerts to the SOC teams. But most importantly it is about giving security the needed importance and appropriate budget so that security teams can be truly empowered to stop breaches.

This transformation can make cybersecurity teams and products be friends of people and businesses. They would be seen as enabling business to reduce risk and deliver new initiatives confidently without potential breaches down the road. Security products would be seen as essential enablers of business agility, working at DevOps velocity to implement DevSecOps. This will then attract a lot more talent to cyber security to help bridge the skills shortage.

Thank you, gentlemen. To wrap up, can I ask you for your one top tip for how to start the security first adoption?

Mike: Shift their thinking from cybersecurity as a cost to a savings in the form of reduced downtime, decreased business interruption and long-term protection of their brand and customer relationships. Explain to them how much cheaper and easier it is to integrate good security practices from the beginning rather than bolting it on later as an afterthought, or put another way, preventing ransomware from impacting is always cheaper than cleaning up ransomware that has crippled the organization.

Amol: Businesses should ask the security practice what the threats are and understand them thoroughly. Include security as a critical aspect similar to performance, scale and efficiency from the get go. They should also hold the security experts accountable to ensure the threats are real, and the analysis is pragmatic because perfect is the enemy of good. Lastly, the businesses should ensure the security recommendations don’t cripple the day-to-day life of end users or add too much friction to the business.

Source
Why Your Business Must Put “Cybersecurity First” is written by Mike Sentonas – Amol Kulkarni for www.crowdstrike.com
