Modern field guide to security and privacy

Opinion: It's time to upend the cybersecurity business

We’ve embraced data analytics. We build and deploy a cascade of security tools. Why isn’t the security industry winning? It’s time for security strategists to sift, read, and respond to threat data differently.  


More than 1,200 new security companies have been founded in the past five years. Investors assign them record valuations. Domestic spending on cybersecurity protection is heading for the $100 billion threshold by 2017. Smart professionals are streaming into the sector.

Yet massive data breaches keep grabbing headlines and stoke a public trust crisis.

The world sees more than 80,000 new malware threats each day, and as an industry we share more data than ever for the common good. We’ve embraced data analytics. We build and deploy a cascade of security tools. So why isn’t the security industry winning?

Mobile and cloud computing promise vast new benefits, as does the nascent Internet of Things. But to make them real, we security experts must pivot to something new. We have plenty of data – some say we’re awash in data – but we don’t derive enough insight about how to win. It’s time to stand the conventional wisdom on its ear. 

It’s time for security strategists to sift, read, and respond to threat data differently, even though we may evolve away from cherished, traditional strategies. Ninety-eight percent of incoming threats are low priority, but security solutions often don’t classify them or highlight the other two percent that are real trouble.

What’s the effect of reading data differently? For example, you can deduce a lot about cyberattacks by knowing where and how they were launched. If a malicious piece of malware is part of a “mass blast” action by a nontargeted source, it’s likely in the 98 percent. Let an automated response handle it. If that same incoming malware is deemed part of a targeted campaign, that’s different. It has a unique signature. Time to escalate that case to human security analysts.

Another example: We can use data to focus on incoming attack campaigns happening right now, rather than a sea of ex post facto “indicators of compromise” – which generally report bad news after the fact.

We’d be better off assessing and categorizing each threat alert as it arrives. Abandoning the conventional wisdom that all threats are created equal. Deriving insight from a cyberattack’s probable path, target, and agenda. Security managers can be more effective when they watch a dashboard – an intelligence readout – that reports rare and uniquely threatening events as they happen, as opposed to an emailed, undifferentiated laundry list of threats already detected.

We now know the criticality of moving in the “golden hour” after a hack. Action in that crucial window can pay big dividends in damage control and limit data loss. Moving to a more discriminating defense strategy makes us more secure.

A strategy shift this fundamental takes courage. It is only natural to defend old methods many of us helped build and sell. But public perceptions driven by screaming breach headlines demand change. 

We must encourage organizations to invest in better-coordinated security solutions that present fewer gaps in the armor. That means a combination of new technology and new people and processes – experts with fresh eyes, inclined to analyze data differently and manage threats with more finesse and discernment.

And private security firms must change their game, too. Security companies agree implicitly that better knowledge of attackers is useful. We need to get explicit about making that idea real. We can and must retool our systems and processes to do so.

The industry must resist chasing down every last threat with the same emphasis, and instead focus on the few with true chaos potential.

Can we make these changes? Thinking different is always harder than retreating to the tried and true. But the stakes have grown too high for that. Something has to change.

Looking at data differently, leveraging it to go on offense, and providing best-in-class products to make it happen is how we defuse the trust crisis in computing today. It’s how we lead. It’s how we change the game. 

Chris Young is general manager of Intel Security at Intel Corporation. Follow him on Twitter @youngdchris

 
