Decade-old strategies haunt the practices and application of cybersecurity. The actions of threat actors, however, evolve and they evolve quickly.
“I think we need a new mindset,” Shawn Bice, corporate VP of cloud security at Microsoft, said Wednesday during Rubrik’s virtual Data Security Summit. “We’re under threat every day, but the future of cybersecurity requires us to fundamentally shift how we think about this space.”
A stubborn reliance on outdated conventions puts cybersecurity practitioners at a disadvantage when confronting modern modes of attack.
This problem extends to, and is exacerbated by, the term security itself, which Bice described as “a bit of a misnomer.” The definition of security — free of danger or threat — could lead to the wrong approach, he said.
“This is a game with no agreed-upon rules. Players can be known or unknown, and frankly winning is just staying in the game,” Bice said. “This is why it’s crucial to have the mental model that cybersecurity is a problem you manage.”
But the counterpoint is, cybersecurity is not a problem that can be solved.
As the technology landscape evolves to power modern applications and systems, organizations frequently use software from multiple cloud vendors. Combine that with on-premises hardware and software accessed by a massive remote workforce, and it’s easy to see why the attack surface is so profound, Bice said.
“These parallel forces present more risk to our data than I’ve ever seen,” he said. “To protect against this vast threat landscape, everything must be secured. I don’t think we have this option of just picking and choosing what we secure. Everything needs to be secured.”
To that end, Bice said organizations need to better collaborate and openly share threat intelligence to make cybersecurity tools work more effectively across environments. Data resilience and recovery are also essential to managing risk, he said.
“Attacks can’t be 100% prevented,” Bice said. “I wish they could but they just can’t, and we have to think about resilience. We have to keep operating a business even while it’s being attacked.”