Written By Kyle Flaherty And Presented By Chuck Leaver Ziften CEO
Cyber attack impact on companies is typically simple to determine, and the suppliers of tech services are constantly flaunting different data to reveal that you have to obtain their most current software application (including Ziften). But one fact is really stunning:
In The Previous Year Cyber Crime Cost Organizations $445 Billion And Cost 350,000 Individuals Their Jobs.
The monetary losses are simple to take on board despite the fact that the amount is substantial. But the 2nd part is concerning for all involved with cyber security. Individuals are losing their employment because of what is occurring with cyber security. The circumstances surrounding the job losses for all of these individuals is unknown, and some might have deserved it if they were negligent. But the most fascinating feature of this is that it is well known that there is a lack of gifted individuals who have the capability to combat these cyber attacks.
While people are losing their positions there is also a need that more talented individuals are found to prevent the ever increasing risk of cyber attacks. There is no argument that more people are required, and they need to be more talented, to win this war. But it is not going to happen today, tomorrow and even this year. And while it would be fantastic if a truce could be worked out with the cyber attackers up until these resources are readily available, the reality is that the battle must go on. So how do you fight?
Utilize Technology To Enable, Not Disable
For several years now suppliers of security tech have actually been offering technology to “prevent and obstruct” cyber attacks. Then the vendors would return afterwards to sell the “next generation” solution for preventing and stopping cyber attacks. And then a couple of years later on they were back again to sell the latest technology which focussed on “security analytics”, “threat intelligence” and “operational insight”.
In every scenario companies bought the most recent technology then they needed to add expert services or even a FTE to run the technology. Naturally every time it took a substantial quantity of time to get up to speed with the new technology; a team that was struggling with high turnover because of the competitive nature of the cyber market. And while all of this was going on the attacks were ending up being more persistent, more sophisticated, and more regular.
It’s About Individuals Utilizing Technology, Not The Other Way Around
The problem is that all of the CISO’s were focussed on the technology initially. These companies followed the timeless model of seeing a problem and developing technology that might plug that hole. If you consider a firewall program, it literally develops a wall within technology, using technology. Even the SIEM technology these companies had implemented was focused mostly on all the different connectors from their system into other systems and gathering all that info into one place. But what they had rather was one place due to the fact that the technology centric minds had forgotten a critical component; individuals involved.
Humans are constantly proficient at innovating when faced with risk. It’s a biological thing. In cyber security today we are seeing the 3rd phase of innovation, and it is centered on individuals:
Phase 1 Prevent by building walls
Phase 2 Detect by building walls and moats
Phase 3 View, inspect, and react by examining user habits
The reason that this needs to be focused on people is not just about skill scarcities, but since people are really the issue. People are the cyber hackers as well as the ones putting your company at risk at the endpoint. The technologies that are going to win this battle, or at least enable survival, are the ones that were developed to not only improve the abilities of the individual on the other side of that keyboard, but likewise concentrate on the behaviors of the users themselves, and not just the technologies themselves.