For Cris Thomas, not much has changed since the late '90s.
Then, testifying before Congress as a fresh-faced 20-something under the alias Space Rogue, he warned that many digital defenders couldn’t properly safeguard their networks. The software companies Americans trusted to write secure programs, he said, simply refused to fix vulnerabilities found by security researchers.
“The fundamental, basic undercurrents of security hasn’t changed that much in all that time,” said Mr. Thomas, now a strategist at Tenable Network Security. “One of those fundamental things is knowing your network because you can’t secure what you don’t know.”
Today, as digital connectivity touches our devices from our cars to our watches to our televisions, companies are more open to working with researchers — but that proliferation of software means cyberdefenders still struggle to keep up even if they are optimistic about their ability to counter future cyberthreats.
That’s the upshot of Tenable’s recently released Cybersecurity Assurance Report Card.
The report gauges the attitudes and perceptions of security practitioners across the world in various industries. Given that insight, it also provides some key recommendations — among them, “knowing yourself” because “you can’t secure what you can’t see.”
Knowing yourself “means having continuous visibility into cloud, hybrid and on-premise environments,” according to the report, “but organizations also have to stay ahead of security challenges that accompany new trends and technologies.”
But, despite all the challenges these recommendations hint at, network protectors still feel confident in their ability to protect their users.
One of the last questions asked in Tenable’s Cybersecurity Assurance Report Card was: “Compared to this time last year, do you feel more optimistic or pessimistic about your organization’s ability to defend itself against cyber attacks?”
Almost 90 percent of those asked felt the same or better about the future.
“As a defender you’re getting beat down by all this red ink and breaches,” said Thomas at a Passcode event this month.
“But you’re still maintaining a positive attitude: ‘Yes, we can still defend our network. We can still defeat the bad guys. We’ll live another day and fight the good fight.’”