Dr. Rois Ni Thuama, Head of Cyber Governance at Red Sift, recently hosted a Fireside Chat on digital resilience, featuring cybersecurity pioneers Ciaran Martin, Founder and Former CEO of the National Cyber Security Centre (NCSC); John Stewart, Former Senior Vice President and Chief Security and Trust Officer at Cisco; Rahul Powar, Founder and Chief Executive Officer of Red Sift; and Ivan Ristic, Chief Scientist at Red Sift. The insightful conversation covered a lot of ground, and below are some critical topics in the space the leaders discussed.
- The cybersecurity macro environment and predictions.
- CISO leadership in the face of an expanding attack surface.
- A safer internet is key to maximizing technology’s positive impact on people’s lives.
In this blog, we’ve narrowed down four of the biggest takeaways from the discussion.
1. We must ask ourselves what we can do right now to make it harder for bad actors to succeed
The chat kicked off with Ciaran Martin providing an overview of the geo-political threat landscape, noting that “our digital environment is fundamentally insecure.” He explained that generally speaking when people talk about modern threat actors behind the most impactful security attacks, they primarily refer to organized criminals and nation-states. One of the biggest threats emanating from Russia today is its organized cybercrime, with Ciaran citing a recent ransomware attack by Russian cyber criminals on one of Australia’s largest private health insurers. “There is a suite of actors that are after different things, but they’re all exploiting that fundamental digital insecurity that has built up over time,” he said.
Quote banner: “Our digital environment is fundamentally insecure” Ciaran Martin, Founder and Former CEO of the National Cyber Security Centre (NCSC)
Businesses trying to navigate this landscape should focus less on nation-states and what they’ll do next and more on things they can control that will help them avoid being a soft target. Like how a coach prepares their team for competition by focusing on their team’s strategy before their opponent, Security leaders should prioritize their organization’s security posture over adversaries.
Help prevent damage by taking a proactive approach to security by staying updated on patching and prioritizing email and web hygiene with TLS, DNS, and SSL. Your organization’s security posture should reflect today’s increasingly connected and complex digital business work.
2. The cybersecurity industry should focus less on exotic stuff and more on getting the basics right
While the threat of nation-state attacks is real, it’s essential that organizations stay focused on the basics, meaning what they can control. According to the Security leaders, the reality for most businesses is that risks are prosaic because, as an industry, we’re not getting the basics right – i.e., implementing the security protocols available. Security protocols aren’t silver bullets, but the businesses implementing them are more resilient, so there’s no good reason not to adopt them. The cybersecurity industry needs to focus on making it easy for businesses to understand these protocols, why they help them and make it easy and cost-effective to implement them. If an organization doesn’t have a security posture with a strong foundation, including comprehensive technical controls, we risk building our infrastructure on sand.
Red Sift focuses on getting the basics right, starting with the base layer. We focus on how we can help businesses build a better public-facing cybersecurity posture that makes it harder for attackers to be successful. If you’re not the softest target, attackers will go elsewhere.
3. The threat environment will always be hostile, so we need to focus on improving security posture now and for the long term
Unfortunately, there will always be one cyber crisis or another, so businesses need to take a long-term view on improving their cyber hygiene and security posture. A considerable part of this is visibility – what does your infrastructure look like? Do you have the tools necessary to strengthen your infrastructure security? Awareness, peer pressure, and usability all contribute to helping improve the adoption of the right protocols and tools and, overall, cyber hygiene.
To enable businesses to strengthen their cyber posture, the cybersecurity market needs to streamline its offerings by removing obscure tools and magic amulets and providing usable solutions that are proven to reduce risk. Nation-states aren’t out to get everyone and have finite resources too, so organizations must focus on the actual risks and threats that we know exist now and tools and solutions are proven to mitigate them.
4. The role of cybersecurity in making the internet safer is to enable technology to have the biggest positive impact on people’s lives
Many acronyms we use when talking about protocols (e.g., TLS, PKI, SSL, etc.) might seem incredibly technical or niche, but what they do and help solve is extremely important. Many mechanisms we enjoy on the internet would only be possible with strong web protocols in place. Things like internet banking and online shopping are underpinned by strong encryption technology, without which these would be unusable.
Today’s digital world is incredibly complex and dynamic. There’s so much we can do, but it comes with risks. Security teams must help organizations put themselves in the best position to mitigate today’s threats by strengthening their security posture based on the modern threat landscape and known vulnerabilities.
The experts shared many valuable insights into the world of cybersecurity and digital resilience, valuable for any business or Security leader interested in improving their security posture for today’s digital landscape. We’re excited about how much technology can help us and all the good it can do for the world. To ensure we continue harnessing technology for good, we need to focus on security and making the internet and the digital world more secure, so we can continue harvesting the full value of technology. Focusing on the basics and building strong security foundations will enable us to use technology in a way that will positively impact people’s lives.