1. Cyber today needs to marry three major movements:
First, the large-scale adoption of big data. There is so much data and it is growing so rapidly that new security technologies need to learn to operate efficiently at this scale.
Second, privacy concerns are at an all-time high. All that data needs to be properly utilized so as to not violate the rights of the actual data owners or subjects.
Third, cyberattacks are well funded and very frequent. Security technologies need to be able to handle massive scale data, keep it private while utilizing it, and make sure it does not fall into the hands of cybercriminals. Wow, what an opportunity! I love that my company Portal26 addresses exactly this, but it is truly a good time to be in this industry.
2. The second trend that I find exciting is that innovation is more welcome now than ever before. In years past, when enterprises got successfully breached, one could point to cyber basics and offer that if only they had invested in the basics, things would have been different. This is not true today. Today we are seeing the best and most well funded organizations fall to cyberattacks. The world is desperate for innovation and those with clever ways to address the status quo will do very well.
3. Finally I love that women in cyber are getting the attention and respect they deserve. It is a good time to be here!
Three things that concern me are the following:
1. Comfort with incremental solutions:
It is unfortunate that most organizations are inclined to accept incremental improvements to their security posture when the challenges they face are dramatically more significant than their current posture can meet. There is a resistance to both accept the enormity of the challenge before them and then act to identify solutions.
2. Improper allocation of budget:
Study after study shows that attackers routinely bypass prevention technologies and lurk in enterprise networks for over 270 days and yet organizations spend most of their security budget on prevention technologies. There is simply not enough focus on the “assumed breach” posture. We need to have a strong answer for how we protect ourselves given the presence of attackers on the network.
3. Unnecessary bureaucracy:
Whether it is government or enterprise, it is simply too difficult to get innovative technologies to see the light of day in an efficient manner. It is almost as if the people in charge forget that attackers are not waiting for their 90- and 120-day plans to be completed, or for a two-year rollout of their new security solution.
I believe we can overcome these by identifying security leaders and using them to evangelize and adopt better philosophies in these respects. More education, more conversations, and more early adopters leading by example.
Data is the new gold. If we cannot keep it safe, we should not be using it–that train has already left the station. Data is and will continue to be accumulated at an accelerated pace. It is already difficult to bolt on security, and with the increasing scale and complexity of big data, this will become nearly impossible in the years to come. Companies should look for ways to build applications and data stores that are natively secure from compromise. Breach-proof from birth! Cutting-edge encryption-in-use (such as that provided by Portal26) along with traditional encryption will be the key to the secure-by-design approach that is needed.