Security Leaders Respond to President's Keynote Address

Amit Yoran, president of RSA, the security division of EMC Corp., urges Asian organizations and governments to make a fundamental shift in their mindset and consider problems from a diverse point of view in responding to today's advanced threats.
"It's critical to challenge your perspectives and observe how advanced organizations start looking at the problem in all its accuracy," Yoran says.
He shared his insights as the keynote speaker at the launch of RSA Conference 2016 Asia Pacific & Japan in Singapore. The topic: how critical it is to start thinking out-of-the-box in understanding the nuances of breaches and threats and their impact on business (see coverage of Yoran's 2015 Keynote at RSA APJ: Asia Needs Resilient Cyber Defense).
"Stop relying solely on technologies in preventing attacks. It's time to create a cybersecurity program that links breaches and threats that impact business," he says.
Focus on Business Needs
Yoran set the stage for the conference, exhorting the industry that it's time for a strategy driven by business needs and not purely technological needs.
He expects practitioners to take proactive steps and to detect and investigate attacks quickly. The reason: According to RSA's research, almost 90 percent of organizations in APJ are not satisfied with their attack detection and investigation methods.
What's irksome, he says, is that security professionals are suspicious of new technologies and unable to exploit the first-mover advantage.
"The industry's aware that technology serves as the single greatest leverage point, as it determines efficiency, competitiveness and can even transform markets and industries fundamentally," Yoran says. "Yet it's unable to exploit it to the fullest."
CISOs must realize they are dealing with focused adversaries with creativity, patience and persistence, who are unpredictable, with a wide range of tools at their disposal (see: Upgrading Security: Setting the Right Priorities).
"Attackers can orchestrate their attacks until they succeed. One should remember we are dealing with human ingenuity ... a powerful thing," he says.
He warns CISOs they will not magically find that next great firewall, sandbox or host armament that will keep adversaries out. Defense requires major overhauling - which is not happening.
Yoran suggests that may be because the choices are confusing, or doing something different might demand a new thought process. "But you can get good results by being bold and making changes to the existing processes," he stresses.
Adapt to Changes
While it's accepted that technology is foundational to defense, intelligence and civil services, it's also constantly evolving. CISOs must adapt to these changes fast, Yoran says. If not, they will lose out.
He maintains that executives and boards are asking more questions about cybersecurity than ever before. After all the money spent, they want to know the impact on business if there's a breach.
"CISOs must be prepared to address these questions," he says. "CISOs must understand to what degree security incidents impact business continuity, intellectual property and damage reputation."
Organizations should use analytics and detection methodologies and take advantage of improved visibility to help identify anomalies in the network, systems and user behaviour, he recommends.
"CEOs and boards don't care about whether the breach was caused by the Angler toolkit exploiting a vulnerability in Internet Explorer," he says. "What they do care about is overall impact to the business. We need to unite the details of security with the language of business."
Reactions from Security Leaders
Some security leaders and practitioners at the RSA Conference in Singapore say Yoran stated the obvious, and point out that the region faces its own unique and daunting challenges.
One security practitioner from the insurance sector, who asked not to be named, says an important question to answer is: "What are the actionable items recommended which directly impact the change or help make the change?"
Sydney-based Alex Holden, CISO of Holden Security Consulting, argues that Yoran's comments are not specific to the region and can resonate well with the western world. "The core issues on cybersecurity transcend geography," he says. "It was an inspiring talk, but the keynote should have been a more detailed call to action rather than general inspiration."
Bikash Barai, CEO and founder of Cigital India, says the keynote hit hard on core challenges affecting this region, resonating well with practitioners' concerns. However, it's hard to change culture - just building security awareness and urging a change in the mindset is not enough. "It's important to regulate the change and processes in a systematic manner," he says.
A philosophical approach will not have a major impact, Barai says. Instead, a hard-core strategy recommendation is what works.
Yoran says there are no ready answers. "But be curious and learn new nuances as you build your cybersecurity strategy," he says.
"Many struggle with red tape or leadership that doesn't yet understand or appreciate how your efforts differ from the regulatory compliance regimes," he adds. "Don't give up."