Where next for Cyber Security?
This article was published by wsj.com
The cybersecurity services industry has come under scrutiny as cyberattacks proliferate, perhaps even more quickly than new cybersecurity companies. Conversations at the premier cybersecurity professional and hacker conferences, such as Black Hat, DEF CON and RSA, reflect this scrutiny as the industry looks ahead to how it needs to change. Cybersecurity, however, is not just a technology or resources problem; it’s also a leadership issue, and we need individuals who recognize the gravity of the challenges cyber threats pose.
So what should we expect, and where should the conversation go?
This summer, Black Hat USA will provide an excellent opportunity to revisit how to revamp cybersecurity for a networked world. This topic carries weight primarily because many leaders don’t yet recognize how central cybersecurity is to global security and prosperity. PwC discovered that only 61% of CEOs across 83 countries were concerned about cybersecurity. This number is far too low. To elevate this issue, Black Hat and other security conferences should focus on promoting this discussion of cybersecurity as a core business issue.
Another major development is cloud technology’s transformation of cybersecurity. PwC sees cloud technology as a tremendous opportunity and a critical solution for cybersecurity and privacy-related issues. And here’s why: the legacy systems that most people and businesses use are nearly impossible to secure absolutely because their technology is dated and their static, on-premises data infrastructures are harder to protect. At the end of the day, we see off-premises systems – those located at third-party facilities and managed by experts in infrastructure and cloud management – as the safest option.
Too many security products are designed to cover the cracks in poorly constructed or decaying systems rather than to address the systems’ fundamental lack of structural integrity. The good news is that cloud security technology can address that fundamental structural issue, one reason behind its increasing adoption by cutting-edge companies.
However, to get to where we need to be, everyone must take action, from the C-Suite to the most junior employee, as I pointed out in a previous LinkedIn post following Davos.
Over the past two years, both the structured talks and casual conversation at security conferences have been focused on issues such as securing the Internet of Things, patching vulnerabilities in computer-equipped cars, and issues of privacy, encryption and government oversight. All of these conversations have made one thing abundantly clear – cyber threats are increasingly nuanced, frequent and effective. The cybersecurity landscape is evolving, and we need to change to adapt and stay ahead. The private sector needs corporate leaders who recognize the gravity of the challenges cyber threats pose, who understand the powerful strategic and operational tools to meet that challenge, and who share their knowledge with their peers.
Security conferences are an important way to educate and engage an audience beyond the security professionals and hackers of the world who attend. The most important conversation we can have is that cybersecurity can no longer be an aftermarket consideration. It needs to be built into every new network and infrastructure system. For example, the idea of collective problem solving would call for “crowdsourcing” information from beyond just cybersecurity professionals and would focus on the collective knowledge of individuals with diverse skill sets to identify and address where existing technologies are lacking and vulnerable.
These conferences strive to foster community building among different groups of people working on the same problems. They create an open space where ideas can be shared, people can connect, and collaboration can flourish, ultimately leading to better technology and stronger systems.
Allowing for this shift would broaden awareness of cybersecurity issues and encourage cybersecurity professionals to openly identify technological vulnerabilities in the search for creative solutions – exactly why security conferences are so important. Many conference attendees are hackers, extremely intelligent people who are curious, technically savvy, and tenacious. These are exactly the type of people who would be able to find and expose the vulnerabilities that exist between the technology and security layers in a system.
One of the greatest virtues of a community of hackers is the open and healthy dialogue they maintain about cybersecurity. This is also one of the keys to these conferences: understanding that when you give hackers and cybersecurity professionals the freedom to identify weaknesses and recommend changes, it leads to better technology and stronger systems. Conferences strengthen these communities that desire to hack for good, problem solve and improve systems.
Regardless of the topic discussed, cybersecurity conferences should be places of continued education and learning and the best opportunity we have to make a paradigm shift real. From keynote speeches to conversations among peers, it is nearly impossible to walk away from Black Hat or DEF CON not having expanded your understanding of the most important security issues facing our society today and the initiatives sparking inspiration to build the future of cybersecurity.