In Cyber Security’s Third Phase People Not Technology Are The Focus – Charles Leaver

By | July 29, 2015

Written By Kyle Flaherty And Presented By Charles Leaver Ziften CEO

Cyber attack effect on companies is often simple to determine, and the vendors of tech solutions are constantly flaunting different stats to show that you need to obtain their latest software (including Ziften). But one statistic is really stunning:

In The Previous Year Cyber Crime Cost Businesses $445 Billion And Cost 350,000 People Their Employment.

The financial losses are simple to take on board despite the fact that the amount is substantial. But the 2nd part is worrying for all involved with cyber security. Individuals are losing their jobs because of what is occurring with cyber security. The situations surrounding the employment losses for all of these people is unknown, and some could have deserved it if they were negligent. But the most intriguing thing about this is that it is well understood that there is a shortage of skilled individuals who have the ability to fight these cyber attacks.

While people are losing their positions there is likewise a demand that more skilled people are found to prevent the ever increasing hazard of cyber attacks. There is no argument that more people are required, and they have to be more skilled, to win this war. But it is not going to occur today, tomorrow and even this year. And while it would be fantastic if a truce could be negotiated with the cyber attackers till these resources are readily available, the truth is that the battle needs to go on. So how do you win this war?

Utilize Technology To Enable, Not Disable

For several years now vendors of security tech have been offering technology to “prevent and obstruct” cyber attacks. Then the suppliers would return afterwards to offer the “next generation” solution for preventing and stopping cyber attacks. And after that a couple of years later they were back once again to sell the most recent technology which focussed on “security analytics”, “risk intelligence” and “operational insight”.

In every scenario businesses acquired the latest technology and then they had to add on professional services or even a FTE to operate the technology. Naturally each time it took a significant quantity of time to get up to speed with the brand-new technology; a group that was experiencing high turnover because of the competitive nature of the cyber market. And while all this was going on the attacks were becoming more relentless, more advanced, and more routine.

It’s About People Utilizing Technology, Not The Other Way Around

The problem is that all of the CISO’s were focussed on the technology initially. These organizations followed the classic model of seeing a problem and developing technology that could plug that hole. If you think of a firewall, it actually constructs a wall within technology, using technology. Even the SIEM technology these companies had installed was focused mostly on all the various connectors from their system into other systems and collecting all those details into one place. However what they had instead was one place since the technology centric minds had forgotten an important element; individuals involved.

People are constantly good at innovating when faced with risk. It’s a biological thing. In cyber security today we are seeing the 3rd phase of development, and it is focused on individuals:

Phase 1 Prevent by building walls
Phase 2 Detect by constructing walls and moats
Phase 3 View, inspect, and react by examining user habits

The reason that this has to be focused on people is not just about skill scarcities, but due to the fact that individuals are truly the issue. People are the cyber hackers and also the ones putting your organization at risk at the endpoint. The technologies that are going to win this fight, or at least enable survival, are the ones that were built to not only boost the abilities of the individual on the other side of that keyboard, however likewise focus on the behaviors of the users themselves, and not merely the technologies themselves.

 

Leave a Reply

Your email address will not be published. Required fields are marked *