Five Myths Holding Your Security Program Back

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8
Next Five Myths Holding Your Security Program Back-4 Next

Keeping the Bad Guys Out

Myth #3: The goal of cybersecurity is to keep the bad guys out.

The Reality: In today's interconnected world, what does "in" and "out" even mean anymore? Any external attacker who steals the credentials, authority and access rights of an insider can be considered "in." Anyone who has access rights is a potential threat, including employees behaving badly.

Dan's Advice: Designing data protection regimes around the "insider threat" by default also controls for an outsider posing as an insider. The outsider attack problem is solved as a side effect. The goal of this inside-out approach is to egress control: to keep the data from leaving. Don't allow data movement in outbound network traffic to go unnoticed.

One could argue that cybersecurity is the most intellectually demanding profession on the planet. The rate of change is so great that no challenge is ever solved and no problem ever resolved completely. That said, security failures more often result from a lack of direction and focus, not of skills or resources.

The five myths in this slideshow, identified by Dan Geer, were selected because they address pain points common to many organizations, and successfully addressing them will give reasonable assurance of some quick wins. In reviewing this list, continue to ask yourself how to apply the advice to your organization and its unique cybersecurity ecosystem. The myths endeavor to challenge you a bit on how you think about the difficulties we all face.

Dan Geer is the chief information security officer at In-Q-Tel, a not-for-profit investment firm that works to invest in technology that supports the missions of the CIA and the broader U.S. intelligence community. Previously he was chief scientist at Digital Guardian (formerly Verdasys). Geer was a key contributor to the development of the X Window System as well as the Kerberos authentication protocol while a member of the Athena Project at MIT in the 1980s. Shortly after, Geer created the first information security consulting firm on Wall Street in 1992, followed by organizing one of the first academic conferences on electronic commerce in 1995. Geer is also the past president of the USENIX Association where he earned a Lifetime Achievement Award.

 

Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

 
More Slideshows

BitSightRansomware0x Ransomware: The Rising Face of Cybercrime

Ransomware is a legitimate threat, with estimates from the U.S. Department of Justice showing that over 4,000 of these attacks have occurred every day since the beginning of the year. ...  More >>

Security121-190x128 5 Ways CFOs Can Implement an Effective Cybersecurity Strategy

While cybersecurity concerns are widespread, finance remains one of the most vulnerable areas for malicious attacks. ...  More >>

infra100-190x128 Top 10 Strategic Technology Trends for 2017

Here are the top 10 strategic technology trends that will impact most organizations in 2017. Strategic technology trends are defined as those with substantial disruptive potential or those reaching the tipping point over the next five years. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.