B2B IT Forum: How Cybersecurity is being handled today and a look ahead
With all companies now targets of cyber-attacks, and the average cost of a successful attack rising to $4 million, the demand for security talent is at an all-time high. But while cyber security jobs are up 74 percent in the last five years, more than 209,000 cyber security jobs in the U.S. are unfilled. To add to the complexity, this problem is asymmetric: a hacker only has to be right once while critical data must be protected 100 percent of the time.
Last night, we asked our expert panel from Trustwave, AMAG Pharmaceuticals, Cybric, IBM Security & Mobile, State Street, and CloudLock about challenges and trends in the space and what has changed over the last five years to merit such an upward spiral in the cybersecurity space.
According to Josh Bregler, senior director and security architect at AMAG Pharmaceuticals, “compliance models aren’t keeping up with the attackers.”
“The complexity of the threat,” said Mark Morrison, SVP & CISO, State Street. Hackers are looking to exploit vulnerabilities, he continued. The issue lies in having the resources to do basic blocking and tackling. And this is not a small feat, considering that the number of bad guys outnumbers the good, and they’re nothing if not clever.
So, how do we solve the issue of cybersecurity?
Security does need to have a bigger piece of the IT budget, however this is not a problem companies can spend their way out of, said Morrison who estimates that IT security represents about four to six percent of the overall IT budget at an average company. Most of our panel agreed that training – across the board – is a huge component of keeping mission critical data safe. And not just the training of IT folks. State Street’s 50,000 employees are being told “see something say something. They’re becoming Cyber Sensors.”
Hackers often get in through back channels and human action is often the reason. Employees can be sloppy; they need better security hygiene. They open phishing emails. They plug in USB thumb drives from insecure sources. They leave computers in cars. All this makes companies vulnerable. According to Morrison, 70 percent of hacks come in via known vulnerabilities.
“Cybersecurity needs to be a way of life,” said Ron Zalkind, founder & CTO, CloudLock, “not just our job.”
The entire panel agreed: our generation needs to ingrain the importance of cybersecurity within our children in order for them to fully grasp the criticality of it – and act on it.
Another question posed to our panel: is cloud the answer?
Almost everyone agreed that it really depends on the situation. “There is no silver bullet for security,” said Bregler, whose company, AMAG, is 100 percent cloud-based. Companies using legacy infrastructure aren’t going to be able to move everything to the cloud. Ernesto DiGiambattista, founder and CEO of Cybric, believes that trusting a third-party to secure your company (such as a managed service provider) sounds like a simple solution, but the reality is that this is very complex and companies need to view the risk holistically.
At the end of our session, we asked panelists what technologies they are excited and/or hopeful about.
Analytics that can help spot anomalies is what Ron Zalkind is excited about. John Amaral, SVP Product Management, Trustwave, believes that organizations can have all the right technology, but need to improve execution and this is critical.
Michael Loria, VP corporate and business development at IBM Security & Mobile, says there’s no going back. Tactics and defense are going deeper, and he looks forward to a new defense and depth strategy.
DiGiambattista says the first piece is about how data is just everywhere today, bringing new risk issues. But regulators are becoming much more stringent and CISO’s are becoming much more aggressive. They’re VERY concerned about risk. “It’s about orchestration in the automation.”
State Street’s Morrison thinks it’s important to determine what to protect and why, and realize you won’t be able to protect everything.
Thanks to all our panelists for a great discussion and stay tuned for our next IT Forum in the first half of 2016.