A Cybersecurity Christmas Story

In the spirit of the holiday season and after a weekend marathon of watching the greatest Christmas movies ever made, I offer the following observations for my fellow cybersecurity friends and those chartered with defending critical assets.

CISO Ralphie Parker wants only one thing for Christmas: a Red Ryder Carbine Action 200-shot Range Model malware BB gun. Ralphie's desire is rejected by his CIO, his CFO, and even a department store Santa Claus security consultant, all of whom give him the same warning: "You'll shoot your eye out."

Christmas morning arrives, and Ralphie dives into his presents, opening a bunch of new cybersecurity tools. Although he receives some tools he enjoys, Ralphie is ultimately disappointed that he did not receive the one thing he wanted more than anything. After Ralphie thinks that all the presents have been opened, his father and CEO directs him to look at one last gift that he had hidden. Ralphie opens it to reveal the coveted Red Ryder malware BB gun.

Ralphie takes his new malware gun outside and fires it at the latest malware of the day. However, the BB ricochets back at Ralphie and knocks his SIEM glasses off his face. While searching for them, thinking he has indeed shot his eye out, Ralphie accidentally steps on his glasses and breaks them. To cover up the incident, Ralphie tells his CIO that a falling icicle was responsible for the cybersecurity breach.

We have all seen leadership become fascinated with the latest cybertool of the day and decide to throw it into the mix of existing tools, only to have things quickly go awry. Visibility, manageability, and interoperability are not often the primary goals when adding a new capability, making a difficult situation more complex.

While it is paramount that businesses and governments remain agile and competitive in our new reality, they also need to stay within acceptable levels of operational risk. Three overarching challenges continue to drive security strategies:

1. There is more to defend, and the information footprint has expanded beyond the control of IT. We have gone from 25 to over 500,000 new threats per day in the last decade. Users are bypassing IT with cloud services and personal devices; many “users” are IoT and other specialized endpoints; more traffic is encrypted and invisible to IT; and massive amounts of data are moving to the cloud.
2. We cannot move fast enough, despite seemingly significant efforts and investment. It is not unusual to take months or even years to detect a security breach. Containing and remediating a breach can take a long time, giving adversaries too much leeway to achieve their objective and inflict financial and reputational damage.
3. Workforce resources are not keeping pace with the increased volume of attacks and sophistication of adversaries. More than 60% of organizations report that their security department is understaffed. Within four years, we will have a shortfall of nearly 2 million qualified cybersecurity professionals.

We recently surveyed over 2,000 IT security decision-makers around the world, and when asked what it would take to overcome these security challenges, they split roughly in half into two very different groups:

One group favored a best-of-breed approach, believing that self-integration of disparate technologies with manual processes delivers the best security outcomes. This is the traditional “defense in depth” school of thought, assuming that technology diversity drives a better overall security posture using human capital to make the parts into a system.

The other group favored an integrated platform approach, believing that an open and integrated security framework enabling consolidation and automation yields better overall security results. This group sees efficiency as a key component to success.

When you run the numbers, it becomes clear that we cannot solve the growing complexity and risk equation by throwing more people at the problem. Not only is there not enough grey matter to go around, the speed and scale of the problem demands the combined advantages of human and machine processing. Automation and orchestration will be essential components of security in 2017, and Ralphie needs to rewrite his Christmas list.