Kathy Gibson is at the virtual Kaspersky Security Analyst Summit – The cyber security industry will need to make some fundamental changes in order to be relevant in a post-pandemic world.
The move to remote working driven by global Covid-19 lockdowns means that security spend is inevitably going to go up. And the security issues are going to be different as well.
Security and cloud are both front and centre for CIOs looking to ensure their systems are geared for the new realities.
This is the word from Sounil Yu, chief information security officer in residence at YL Ventures and creator of the Cyber Defense Matrix and the DIE Resiliency Framework.
Describing the Cyber Defense Matrix, Yu explains that buzzwords don’t really help us understand what problem we are solving, and if they are being solved properly.
“We need to know what the scope of things is that we need to tackle,” he says.
The matrix devices, applications, networks, data and users on one axis; and identify, protect, detect ,respond and recover on the other. All of these are predicated on the degree of dependency from people, technology and process.
Most security vendors today focus on identify and protect, fewer on detect and only a handful on respond and recover – with recover solutions featuring exclusively in the data environment.
Yu, with his DIE (distributed, immutable and ephemeral) Resiliency Framework is looking to encourage more development in the detect, respond and recover areas.
“The move is being driven by the business, which wants greater agility,” Yu says. “To the degree that security vendors can offer solutions that help drive the business faster and more efficiently.
“Where you have capabilities that have an inherent benefit to security, but a greater benefit to the business itself. The buyer then becomes the business rather than the security team.
“If we do this right the business will want to do it, and security will be the beneficiary.”
For instance, Yu points out that the move to remote working means that CIOs have to adapt security processes. “Businesses will have to make some payoffs to get people back to work.
“But every step we go down for remote access gives cyber criminals an opening to get into the corporate network. We’ll see attacks ramped up over the next few weeks until we are able to get back to a secure stance.”