Are you prepared to combat security fatigue?
In our latest Concord Tech Talk, our expert panelists discuss the changing world of security.
You know security is important, but what are you doing about it? Leadership can’t expect the CSO or CISO to carry the full weight of a security program – you’ve got to have their back. In our latest panel session, we discussed how to combat security fatigue, shared tips to embed security into every aspect of your business, and made predictions about big trends on the horizon. Read on for the insights from this session as shared by panelists Jadee Hanson of Code42, David Young of Medica, and Rob Peterson of Concord.
Combating Security Fatigue
- While the cost of breaches over the last few years has gone down, the number of breaches and the number of records lost have vastly increased, which suggests we’re experiencing a form of “security fatigue.”
- Rather than sprinkling money everywhere, security teams need to be smart about allocating budget and mitigating risks. By continuously having a “what keeps you up at night” meeting, the team at Code42 brainstorms possible attacks and responses, thus helping to organize spend around bigger risks.
- Ultimately, risk is never zero and attackers always have the advantage. Focusing on fundamentals is key, considering unpatched software and compromised credentials are to blame in roughly 90% of breaches.
Embedding Security Within the Business
- Traditionally, the focus in security has been prevention – building the castle wall as high as possible. Instead, we have to focus on speed to detection and containment. Automation is a crucial component of making that happen consistently.
- A big, centralized security team is counterproductive to embedding security throughout an organization. Instituting decentralized security roles can help security get involved earlier in the process.
- Defenders think in lists and attackers think in graphs – thus, to successfully thwart an adversary, you have to think in their terms.
What’s the Next Security Trend?
- Malware was the original concern in security more than 15 years ago. Over time, it pivoted to include ransomware and, more recently, crypto-mining malware, and it will inevitably shift again. At its core, however, it’s still just malware.
- The role of the CISO will continue to evolve over time. Where the original goal was protecting the company and preventing data leakage, CISOs now aim to enable the business and improve productivity without putting the company at risk.
- Quantum computing will change IT and everything we do in the future, potentially rendering passwords completely useless. Much like the race to the moon, the race to achieve quantum supremacy is intense.
- Quantum Computing – Brush up on the basics of quantum computing and what it means for the security industry.
- Hack Graph – Learn more about how graph thinkers can identify potential attack vectors before they happen.