Too lucrative, too easy, and not enough investment. In the simplest terms possible, that is how you could describe the current state of cybersecurity. Over the last month, we’ve heard from some of the top minds in the industry, and a general consensus is that despite the innovations and optimism in the world of cybersecurity, those three issues remain at the heart of the industry.
“There’s more tools that it’s available. There is more research. The hacking communities are actually businesses. They employ people, they pay people and they ride these things and it is becoming easier. The overall system has not been very well-studied to understand what are the right things to do and what things we should limit and that kind of thing.”
That’s Taher Elgamal, CTO for Security at Salesforce and on this episode of IT Visionaries, our cybersecurity series concludes as Taher is joined by Ed Amoroso, Founder and CEO of TAG Cyber. The two discuss the state of cybersecurity, including where companies are getting their security measures right, and where the industry is struggling as a whole. The two also detail why the growing divide in skills is a problem without an immediate solution, and why capitalism might just be the biggest threat to security as a whole. Enjoy this episode.
Main Takeaways
- Cyber Know How: Today it’s easy to simply buy a product or service and bolt that service on top of your current tech stack. But one of the biggest problems most enterprises are running into is a lack of knowledge in how to actually operate those services efficiently and effectively
- Test, Then Test Again: Securing a network is not a one-time fix, but rather it requires companies to be continually testing their networks for vulnerability. A good practice is to place a heavy emphasis on hiring white hat employees, or other hacker services whose sole responsibility is to attempt to break your network. When you are continually testing, it’s much easier to understand where your weaknesses are and then design products to patch those weaknesses.
- Can’t We All Get Along?: There are more cybersecurity applications than ever before, but even with the growing number of available vendors, attacks are increasing. Until cyber threats begin to dwindle yearly, a good solution would be for companies to start sharing assets and information in order to help build more securable and unbreakable products.
For a more in-depth look at this episode, check out the article below.
Article
Too lucrative, too easy, and not enough investment. In the simplest terms possible that is the state of cybersecurity. Over the last month we’ve heard from some of the industry’s most heralded professionals tasked with preventing cyber attacks, and the general theme that emerged is despite the insight, the wisdom, and the optimism they’ve shared, those three things are the crux of the problem.
“There’s more tools that it’s available. There is more research. The hacking communities are actually businesses. They employ people, they pay people and they ride these things and it is becoming easier. The overall system has not been very well-studied to understand what are the right things to do and what things we should limit and that kind of thing.”
On this episode of IT Visionaries, our cybersecurity series concludes as Taher Elgamal, CTO for Security at Salesforce, and Ed Amoroso, Founder and CEO of TAG Cyber, join the show to discuss the state of cybersecurity, including where companies are getting their security measures right, and where the industry is struggling as a whole. The two also detail why the growing divide in skills is a problem without an immediate solution and capitalism might just be the biggest threat to security as a whole.
According to Forbes, 2020 broke records when it came to cyber breaches and data loss, and while the overall number of cyber attacks continues to rise, so does the sophistication of those attacks. Whether it’s infiltrating a company’s public cloud, or through email phishing attacks the general theme is businesses are still not doing enough to protect themselves.
One of the common ways companies are chasing security is through software applications, which is brought in as a quick-fix attempt to self-correct problem areas.
“It’s not a matter of buying a bunch of things that are going to protect you,” Amoroso said. “It’s taking time. Maybe it’s even feudal in some cases, but at least trying to understand what you’ve got. And once you understand it’s much, much easier to secure what you have in place.”
One of the growing themes from our cyber security is the growing problem with companies simply buying software and just placing that software on top of it and not taking the time to understand that ins and outs of that software.
“Until we address that complexity and the level of understanding of what we run, those of us in the cybersecurity business are going to be very busy,” Amoroso said.
Elgamal added that right now, hackers have a relatively easy job. They no longer have to design systems in order to find where a company’s borders are unsecure. Instead, now they can simply run automated software services that try numerous avenues to break into an enterprises systems. While developers are forced to think of every possible avenue to prevent these attacks while using a mix of first-party systems and open source materials.
“The hacker is lucky because they have automated tools and they just run their automated tools until they find an opening,” Elgamal said. “For a hacker, one opening is sufficient, but for people who build things you have to cover every single opening. It’s very unfair. Big companies spend a lot of time and a lot of effort to secure themselves, which they do really well. But the components of all the systems that run together, and the level of connectivity between everything, just makes things very vulnerable.”
Over the last few years it’s become common practice for companies to try and combat hackers through the use of white hats, self-employed individuals whose sole responsibility is to try and break into a company’s network. But Elgamal brought it back to one common issue: money.
“Everybody is looking to cut costs, but people who understand the scope of the problem build more complete programs where you actually do not just look for the problems you have in your systems and infrastructure but you also look for ways to detect a hack before it happens,” Elgamal said. “Security is not a one shot and done, but to be able to execute these things, you actually have to invest in securing the systems, then the infrastructure and everything, it just doesn’t come for free.”
One of the more common ways companies have handled their security efforts over the last few years is through SaaS offerings, such as Salesforce’s platform. With more companies moving to public cloud offering, Amoroso stressed this the best possible option moving forward.
“I would recommend it to anybody. If you’re an enterprise CRM, go buy something like Salesforce, and then you’re going to have a good team helping you,” he said. “This isn’t a commercial for Taher, I’m just saying in general, moving into cloud SaaS makes a lot of sense for smaller companies.”
To hear more from Elgamal and Amoroso, and their thoughts on the state of cybersecurity, check out the full episode of IT Visionaries!
To hear the entire discussion, tune into IT Visionaries here.
