Page 92 - Cyber Defense eMagazine Special RSA Conference Annual Edition for 2022
supply chains by ramping up threats and expanding attack vectors, which we believe will continue to
climb throughout 2022.
The war in Ukraine has catalyzed interest in cyber readiness. But even those of us who have been
preparing for cyber war over the last several decades are now reevaluating our toolkits to ensure
complete preparedness should we need to engage in a full-scale cyber conflict. Cyber warfare may be a
relatively new type of war, but preparing for it should be no less urgent than preparing for physical combat.
To do that, there are four major components of cyber preparedness that government agencies and
military branches should address: intention, cyber hygiene, controls, and people.
Why Intention Matters
When Dwight Eisenhower gave his landmark speech on the dangers of the military industrial complex,
he spoke of the need to find agreement on contentious issues and to exercise good judgement by striving
for balance and seeking progress. He astutely remarked that the lack of good judgement eventually leads
to imbalance and, unsurprisingly, frustration—a sentiment that’s all too familiar to modern-day chief
information security officers (CISOs) charged with keeping their organizations—whether public or
private—secure in the face of shifting attack vectors.
The past two decades have given rise to a thriving cybersecurity industrial complex not unlike
Eisenhower’s military one. Yet despite the Hydra-like growth of security vendors, the thousands of new
capabilities that purport to control for risk levels, and the attendant rise in spending on security-related
products and services, attack vectors keep growing. As they grow, they contribute to often unnecessary
spending to maintain an already costly security infrastructure.
As a result, it’s important to rethink and retool the solutions we have and the approaches we use to better
understand what our current security investments are delivering, whether their results are still relevant,
and what gaps still exist. Do we have proper controls in place? Can we scale in real or near-real time to
meet challenges as they surface? Are our existing tools truly delivering on their promises? At the end of
the day, it’s crucial that organizations think through and continuously assess their tech stack, or they’ll
find they’re not only wasting budget, but risking much more.
We're behind in some areas and can do better; we are not as prepared globally as we might be. But we
do have strong cybersecurity leadership and the right intentions to meet today’s challenges. Attacks today
are more complex, layered, and targeted. Threat actors have shut down meat packing plants, disrupted
critical infrastructure, and ransacked government agencies. We’re now also facing the implications of
nation-state cyberattacks: the potential disruption of satellites and communications systems and of utilities
like water, oil, and electricity. There are threats to physical and cyber defenses as well as the potential
onslaught of misinformation campaigns designed to cause chaos and confusion. Nothing is off the table:
Attackers will strike wherever it hurts us the most.