SAN FRANCISCO – Cybersecurity is a tough job, one that most readily admit is getting more difficult amid a barrage of threats and attacks, but this poor outlook is often mixed with a sense of optimism.
A genuine hope that things are getting better was at least floating on the surface in discussions around the periphery of the RSA Conference last week. For one keynote on stage, it was the central theme.
“Breaches have almost become normalized. It’s hard to judge anyone for thinking or feeling this presumption of failure. I get it, and it’s only getting harder,” said Lee Klarich, chief product officer at Palo Alto Networks.
And yet, Klarich refers to himself as an optimist. “I think in cybersecurity that might be somewhat rare. You see, I actually believe security is solvable. I actually believe that this is a winnable battle.”
Technology advancements in the cloud and artificial intelligence, which allow security architectures to collect and use the best possible data to thwart attacks and bolster defense via natively integrated platform capabilities, give Klarich hope.
Hope also, at least in part, is fueled by ambiguity. Most companies that have been breached or hit by a cyberattack are not well known brands. For every attack on a household name brand there are hundreds of others that go largely unreported.
“Humans are bad at judging risk,” John Shier, field CTO of commercial at Sophos, told Cybersecurity Dive. “When you’re listening to the news, if you hear about these big bad things that are happening over there, they can’t possibly happen in my backyard, right? And it’s the same thing with cybersecurity.”
Optimism demands action
It’s not enough for Klarich to be optimistic — others have to believe better days are ahead and change how they behave as well.
“We need to be willing to accept just a little bit of risk for a lot of cybersecurity, but that’s not how things generally work today,” Klarich said.
A glut of security point products anchored to environments, rather than platforms, and a mindset that prioritizes compliance above security are delaying the more protected future Klarich and others aspire to realize.
“We have to start to become much more prescriptive in how to accomplish the outcomes that are needed. It is not enough to provide 100 different options,” Klarich said. “To truly transform cybersecurity, we have to provide the path.”
Klarich, who admittedly takes a higher dose of optimism than most, wasn’t alone in offering a hopeful outlook during the RSA Conference.
John Dwyer, head of research at IBM Security X-Force, told Cybersecurity Dive he’s never felt better about security.
“We’re never going to solve cybersecurity,” Dwyer said, “but I think that there’s more buy-in and investment into understanding how critical it is for every organization and every government.”
IBM Security clients last year got better at detecting backdoors than ever before, Dwyer said, referencing findings released in the latest IBM Security X-Force Threat Intelligence Index.
“We got good news for the first time in the threat index,” Dwyer said. “Every single ransomware attack has a backdoor involved. What we found is that our clients actually got better at detecting the backdoor before it became ransomware.”
This data point doesn’t negate the fact there’s a long way to go, but Dwyer finds hope in improved detection capabilities and the amount of organizations that are approaching security properly for the first time.
“I do feel that there has been a shift over the last five years where people are taking it more seriously,” Dwyer said.
Therein lies the seedling of hope for many in the cybersecurity industry. The professionals that develop, analyze or apply security tools to strengthen defenses are confident they know what needs to be done, and take solace in the fact execution and wherewithal might be the greatest impediments confronting defenders.
“I want to be hopeful because I know that there are ways we can move some of these needles to zero. We can reduce the amount of exploits that are being used. We can reduce the amount of [remote desktop protocol] being abused,” Shier said.
“We can materially impact for the positive,” Shier said. “But there’s got to be a will to do it.”