Humans love a good story: it's how we've evolved as a species. We're always looking to make sense of the world around us by fitting random events into an overarching narrative of our lives to bring purpose and meaning. This gift of human storytelling can inspire us to great things, if we hear the right stories. But when it comes to the cyber-security industry, the tale we're told is based around the hacker as voracious hunter and the organisation as its prey. We desperately need a different story: a more honest narrative relying not on FUD but a recognition that the cyber-world is filled with chaos.
As IT leaders, we need to embrace that chaos and metaphorically run with the bulls rather than adopt a defensive, reactive posture against the hunter that stalks us.
The problem with FUD
The story of hunter and hunted screams out at us from every corner of the industry. But the media is only part of the problem. The vendor community must shoulder much of the blame for the way it hypes the threat of the shadowy attacker, hell-bent on destroying its prey. Whether it's a financially motivated cyber-crime operation or a nation state campaign, the dynamic is always the same: all the victim can do is react to the threat.
The threats themselves are increasingly being branded with their own ominous-sounding monikers, some even written in caps for extra dramatic effect. Over the past few years alone we've seen the likes of Spectre, Meltdown, Poison IVY, Heartbleed and many more dominate the headlines.
It's powerful imagery, and great fuel for marketing campaigns, but is it good for the typical organisation?
The narrative we're fed day after day by vendors, amplified by the media, leads to some dangerous assumptions. We've all seen enough wildlife documentaries to know that many gazelles do in fact manage to outrun the lion. We also know that by avoiding being the slowest in the pack, most can stay safe from harm. Following this narrative, many organisations set their sights pretty low when formulating cyber-security strategies: ensure your security is better than most of your competitors' and you'll likely avoid a serious breach.
This is a long way from where we need to be. Certainly, by improving threat intelligence, following best practice and industry standards and building a strong, skilled team of professionals you can improve your ability to outrun the lion. But it only works up to a point. As an industry we need to change the narrative altogether if we're to inspire the kind of proactive approach to cyber-security which organisations desperately need.
Running with the bulls
Embrace the chaos
So, what can you do to stay resilient amidst this chaotic landscape? Getting the basics right can go a surprisingly long way. That means defence-in-depth at the endpoint, network, cloud server and gateway layers. Vulnerability scanning and management, two-factor authentication on user accounts, intrusion detection/prevention, next-gen firewalls and effective incident response, for example, all play their part.
But this is not a world where those investments are enough to guarantee your safety. It's a never-ending, highly unpredictable race where IT teams need to be on the front foot at all times, and ready to change direction as their enemy does. That's the best way to stay safe from the bulls — but be in no doubt either that you can't outrun all of them all of the time.
Contributed by Charl van der Walt, chief security strategy officer, SecureData.
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media UK or Haymarket Media.