As we shared during our Tech Security Seminar, this is an exciting time to be a technology or IT security professional.
The rapid proliferation of mobile devices has resulted in an exponential increase in endpoints that need to be accounted for, as well as a massive increase in threat vectors. The continued consumerization of technology is pushing us to a world where anyone can create and launch software. More specifically, the velocity at which software is being developed and rushed to market frequently results in increased software vulnerabilities and increased risk. And, finally, the inclusion of nation states and organized crime to the ranks of “hacker” have resulted in a level of attack sophistication that traditional security approaches can simply not match.
Machines are now starting to replace the stereotypical angry “nerd,” launching small, targeted attacks from the comforts of his or her basement. Quite simply, the traditional “bagel defense” (hard on the outside, but soft and chewy in the middle) is sorely inadequate in this day and age of cyber threat.
To combat these challenges, it was encouraging to see that ORION and its community are on the right track. We are actively developing the roadmaps and strategies that are required to combat these very real and very formidable issues. For further discussion, here are some key takeaways that resonated with ORION’s community:
There is NO Silver Bullet!
While there are some exceptional solutions out there, there is no single product or function that can effectively help you address modern cyber threats. In order to provide a comprehensive security strategy, you need a stratified approach that identifies the complementary tools, techniques, and partners required to mitigate these growing risks. If you hope to solve this escalating problem by simply purchasing the latest and greatest firewalls, well, good luck to you…
A Culture of Security is Key
As fun as it is to assess the latest and greatest breach detection capability (the “geek” in me can’t help but get giddy with regards to new tech!), the vast majority of breaches are caused by misplaced mobile devices or penetration opportunities (good ol’ fashioned phishing scams). Breaches, therefore, are more likely to come through human error: a simple lack of understanding about cyber threats. As such, it is of paramount importance that an entire organization – dare I say community – understands the potential breach points, as well as the best way to help mitigate the risk. Fundamentally, cybersecurity is an organizational risk mitigation function and NOT a problem that can be solely addressed by your IT department.
You Can’t Catch What You Can’t See
Visibility and telemetry are, arguably, the most important foundational elements required in order to build out an ability to deal with modern cybersecurity concerns. To a certain degree, this level of capability needs to be in place BEFORE one can even start to develop a successful roadmap. Without the ability to see what’s going on within your respective environments there is little hope of identifying and prioritizing the enhancements required to protect your organizations.
But of all the fantastic ideas and discussion that occurred at the seminar, the one piece that stood out to me more than any of the others was the strength and collaborative nature of our community.
Being relatively new in my role as ORION’s director of engineering and network operations, I already expected to find a vast number of bright and talented people in the research, education and innovation space. However, what I did not expect to find was the incredible, open and collaborative nature by which this community operates. This is immensely powerful and results in an ecosystem of ideas and capabilities that rivals some of the most talented commercial brands on the planet. Quite simply, it is awe-inspiring.
For this reason, ORION looks forward to hosting more discussions that allow us to help showcase the talents of this rich and powerful community. Based on the strength of your feedback, we hope to continue the conversation – we’d love to hear from you. To do so, fill out the form below and tell us your ideas on technology topics, technical innovation, and how you might want to participate in sharing these ideas. Your input will help shape future community-led opportunities, fostering this strength of collaborative talent.