In a previous blog, I described a number of dilemmas around cybersecurity - notably how its presence as a board room topic sits uneasily with the IT department’s poor perception of security, which couples with an increasing realisation that cyber threats cannot be addressed with IT alone. Even as technology becomes intrinsic to business life in this, hyper-connected world, the bad guys are developing ever more targeted threats as we see in our recent Internet Security Threat Report (ISTR).
It’s not up to us security experts to rain on this parade or tell the businesses we advise they’re doing it all wrong - I doubt they would listen even if we did. Our enterprise customers tell us their businesses wouldn’t be where they were today without taking risks, be they financial, organisational or indeed, technological. Any business leader who has had to grow the organisation, or has entered a new territory, or bet the company on a new product line, sees cyber security as more of the same.
So, if we are not going to shout disaster like some curmudgeonly Greek Chorus, what should we do? Rather than adopting a preventative, risk-avoidance stance that involves telling people what they can’t do all the time, the answer is to start from a business perspective, and put security threats, their consequences and responses into that context.
For a start, the business will use the technology it sees as most useful, whether or not this introduces new threats - try taking away the CEO’s tablet computer, for example. Also, given that security can never be fully watertight, it becomes more important to understand threats in advance, and then to be responsive enough to deal with them effectively.
One area of particular interest is how generated information can become part of the solution. You’d have to have been locked in cold storage for the last couple of years to have missed the hype around big data, how the quantities of information generated and the amount of processing now available have created a vast resource to be mined. We have known for some time how valuable is the information we gather to power some of our products and to drive initiatives such as the ISTR, for example:
Symantec Insight™ - a cloud-based security technology which uses a file’s age, frequency, location, and anonymous telemetry data to identify new, mutating threats.
Symantec Online Network for Advanced Response (SONAR) - also cloud-based, this detects new threats based on behavioural monitoring and analysis. SONAR works closely with Insight™.
Symantec Disarm - a patent pending technology which takes file attachments such as Microsoft Office documents and PDF documents, and creates new versions with any harmful payloads removed.
Link and IP Following in Symantec Email Security.Cloud - this checks web sites linked by emails, and reports if any malicious software is present at the destination site, or if the destination has earned a negative reputation.
At the same time we are looking to provide similar intelligence to our customers, so they can target it at their own objectives and exploit it in their own way. So, for example, customers in a certain vertical, or of a particular size, can mine the same information that we have access to, creating specific feeds, alerts and policies – DeepSight Security Intelligence.
While our historical roots are as a products-and-services company, with a security portfolio targeted at preventing problems and resolving any issues, we are embracing an information-rich future in which being forewarned is fore-armed. This means working more closely with both customers and suppliers: just as we recognise no single technology will ever be able to solve all issues, so we are expanding both our business partnerships and technical integration points.
Cyber security may still have to break through the glass ceiling, to demonstrate its value and gain business ownership, but it is headed in the right direction. While the business may one day fully embrace its cyber responsibility, it is incumbent on us to provide the capabilities organisations need to manage their cyber risks alongside the business challenges they face.