Earlier this month our team attended our first CyberTexas event in San Antonio. I presented on a panel of cybersecurity experts in a session called “Cyber Defense Toolbox.” The panel covered a range of topics, from ethics in AI to the future of a self-healing ‘immune system’ for software.
As the conversation progressed, each panelist brought a unique perspective to the table. The panel painted a holistic picture of the security landscape for enterprises. For those of you who couldn’t make it, here are some of the key takeaways from the discussion:
- The cybersecurity market is booming. Security spending is at an all-time high, with close to $100 billion in organizational spend last year according to Momentum Cyber. But at the same time, security breaches are at an all-time high. While one could assume the increased spending means more companies are simply being more vigilant in their strategy, the rising number of breaches suggests the system is broken.
- Enterprises are lacking necessary talent to stay on top of security threats. Enterprises are struggling to cope with looming security threats. With so many plates spinning at any given time and multiple borders/entry-points per individual, it can be incredibly difficult to keep track of, much less secure, all potential points of vulnerability. This hefty task is compounded by the cybersecurity talent shortage. Automation is in demand to fill the gaps, but without enough experts to go around and manage it all, vulnerabilities abound.
- Security solutions are largely focused on the wrong part of the SDLC. The majority of security tools on the market are focused on endpoint security. This methodology misses the mark on a major threat: the developers on your team. We’re not suggesting your development team is nefarious or plotting against you. However, we are saying that unkempt or poorly written code can be riddled with security vulnerabilities. Be sure to have a holistic security strategy.
- What’s lurking in your code? On the subject of human error, we know that developers making mistakes along the way is unfortunately all too common. In fact, the Department of Homeland Security estimates that 90% of security incidents are the result of code vulnerabilities. Look first within: all development teams should be scanning source code throughout their SDLC to avoid this preventable problem.
- Keep it simple. One of the biggest flaws in this system is that security solutions are still too complex. In many ways, the industry is to blame for this. There is a strikingly low emphasis on adoption. For example, two-factor authentication is perhaps one of the most effective protections against a compromised password. However, only 10% of users use two-factor. Despite being one of the easiest and most effective security protections, 2FA is still not used widely enough.
A major theme of the panel was that many companies need to course-correct and ensure they are focusing their energy on the right part of the SDLC. Keeping up with ever-evolving security threats is only becoming more fast-paced, and it is also becoming more and more imperative to the foundation of a healthy business.