PERCEPTION MEETS REALITY: COMBINING TECHNOLOGY AND TRAINING TO CREATE A MORE RELIABLE CYBERSECURITY SYSTEM
LESSONS LEARNED FROM THE US DEPARTMENT OF DEFENSE
By Bob Heckman, Vice President and Chief Information Security Officer, Cybersecurity Center of
Excellence, Criterion Systems, Inc.
In recent years, IT executives have justified and received capital funding from their boards to
purchase a plethora of cybersecurity products promising to be the silver bullet that will solve all
their security-related problems. One look at the 2017 RSA Conference list of exhibitors and
sponsors reveals thousands of companies offering products and services from access control,
anti-malware, anti-spam, and firewalls, to analytics, intelligence, response, application security,
and how to secure the Internet of Things (IoT).
Given this wealth of solutions, it is not surprising that a recent report and accompanying panel at
that conference unveiled a substantial difference in how confident IT executives are in their
current cybersecurity defenses (high) versus how effective those defenses actually are (they
are, in fact, struggling to keep up).
As IT executives see it, they have invested a substantial amount of money in technology to
enhance the organization’s cybersecurity defenses, and that investment ensures their
security. Unfortunately, there are no silver bullets, and adding even more technology is not the
solution. This is also a people problem. For one, most organizations lack the qualified and
experienced cybersecurity resources necessary to effectively manage their security
infrastructures.
It’s like purchasing a very expensive Formula One (or NASCAR) race car and not having a
mechanic to maintain it or a driver to race it. While there is a vigorous debate in the industry on
the subject, the current perception is that a shortage of qualified cybersecurity resources is
impacting all aspects of the industry.
A second “people-related” factor compounding the issue of weak defenses is that most
organizational workforces don’t understand or abide by a corporate culture of cybersecurity.
There is a funny quote making the rounds on the Internet, attributed to Einstein: “Two things are
infinite: the universe and human stupidity; and I’m not sure about the universe!” This explains
why phishing remains a major problem for organizations. What, then, can IT executives do to
address the perceived shortage of cybersecurity talent and encourage their employees to be
more cybersecurity conscious? These two problems need to be solved in concert, and the US
Department of Defense has made a good start in doing so.
Cyber Warnings E-Magazine – May 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide