By Julie Cullivan, FireEye CIO and EVP Business Operations
The digital transformation means different things to different people—how you define it depends on how you perceive it.
For consumers, digital transformation means increased connectivity. From smart phones to connected homes, people are demanding more and different ways to interact with their surroundings.
For hackers, digital transformation opens up a virtual playground of opportunities to disrupt our lives. A wider attack surface creates myriad ways for threat actors to gain access to data, finances and other assets.
For CIOs, digital transformation is a mixed blessing: it means taking advantage of a better-connected world and simultaneously creating additional risk. These executives face a tall order: addressing IT and cyber security needs while still meeting productivity priorities that impact the bottom line. Throw a society clamoring for more digitalization into the mix, and CIOs truly have their work cut out for them.
With or without digital transformation, it’s been proven time and again that cyber breaches are inevitable. No matter how strong our resources are, cyber attackers will find ways to access what they’re after. As we’ve already witnessed, the Internet of Things (IoT) gives even unskilled hackers more opportunities to take over online devices and launch distributed denial of service attacks and wreak havoc over our daily lives. As cyber stewards for our companies, the best thing CIOs can do is to mitigate risk wherever possible.
The answer is not simply to throw more money toward cyber security resources. Unfortunately, even unlimited budgets would struggle to address and shut down every risk. Why? Because the attackers are constantly evolving. Like the carnival game called Whack-a-Mole, each time you find a way to protect one threat vector, five other risks have popped up.
Digital transformation is here to stay, and we need to find ways to make our peace with that—and ways to grow our businesses without creating additional vulnerabilities for our enterprises.
What Do You Know and When?
In protecting your network, visibility has to be your prime objective. It’s crucial to know about every device and every person who’s plugging into your network. But you also need to know what’s leaving your network, whether it’s intellectual property or emails. What’s going out is every bit as important as what’s coming in. You can’t improve your security posture if you don’t know where you stand.
Good security hygiene needs to be a second priority. That means training your people to use best cyber security practices. We’re seeing IoT breaches traced back to the simplest mistakes—people who never reset their default password, or employees who clicked on an email link they shouldn’t have. The human component is one of the easier (and least expensive) ways to shore up your cyber defense.
Threat intelligence also has to be part of the plan. It’s not enough to react when you think there’s a threat; you need to anticipate and respond to attacks by understanding the hackers’ motives, intentions and methods. Who are they attacking? How are they getting in? What are they seeking?
This digital world requires deep visibility into every layer of an enterprise, including remote locations—which requires eyeballs monitoring network traffic 24/7. And with an increasing shortage of cyber security professionals, it’s an understatement to call this an unfair fight. Sadly, it appears it’s only going to get worse. There a dearth of cyber security analysts, and the increased workload on those already employed in the field is leading to higher rates of attrition and burnout—creating a vicious cycle that’s not likely to be broken any time soon. As CIOs, that means we’re going to be relying on partners and third-party vendors to beef up our security resources and fill the gaps.
It’s one reason the security-as-a-service model has recently exploded. CIOs are extending their security teams with cyber products and intelligence beyond what their own enterprise can manage in-house. An as-a-service provider can detect an intrusion, investigate it and respond—all without adding undue stress on an already-overworked, in-house team. From threat validation to proactively hunting for signs of compromise, it’s little wonder this security model has caught on. It offers one of the best defenses in today’s digitally transformed world.
Keeping Your Head in the Game
If you can think like your attacker, you’re a step closer to defeating them. That’s where threat analytics comes in. Using everything from machine learning to behavioral analytics, you’re better able to uncover advanced persistent threats and anticipate an attacker’s next move. Analytics also let you respond faster to a compromise and help contain it, minimizing damage.
Endpoint protection also needs to be part of your strategy. Every connected device – from phones to laptops – creates a potential entry point for someone to access the enterprise and install malware or steal data. Firewalls and anti-virus software aren’t enough to keep up with today’s savvy attackers, however. Today’s level of connectivity requires deep visibility into your endpoints so you can proactively defend against known, and unknown, threats and exploits.
Of course, time is of the essence. Knowing that hackers are targeting your industry before you are breached is certainly preferable to finding it out after they’ve compromised your business. Real-time intelligence goes a long way to stopping an attack before it has started—saving time and potentially keeping catastrophic attacks from occurring. It’s a matter of knowing what hackers are up to before they have a chance to carry out their plans.
The most recent FireEye research shows that, on average, it takes 99 days to discover that an attacker has breached a network—plenty of time to do a whole lot of damage. As a CIO, I can’t afford to have them lurking around my system that long, infecting it or stealing information that could embarrass or undercut my company. I know that my best defense is to have a proactive security posture that includes continuous monitoring, risk evaluation and an adaptive defense. My board of directors, my company, our customers, and our shareholders are counting on it.
As companies depend more on the technologies transforming our digital world, it’s imperative that we proceed smartly – and equally important that we do it securely. Otherwise, we face the prospect of being up the digital transformation creek without a cyber security paddle.
Julie Cullivan, FireEye CIO and EVP Business Operations, will be giving a Plenary Address The Risks Behind the Reward: What Digital Transformation Means for Cyber Security, at the 2017 CIO Peer Forum.