A CTO guide: The main challenges facing the cyber security industry

In this guide, five CTOs provide their view on the main challenges facing the cyber security industry, with insights on how to overcome them A CTO guide: The main challenges of cyber security image

As part of Information Age’s Cyber Security Month, we are providing three CTO guides over the coming weeks on cyber security: the challenges, the technology and the best practices. This one will focus on cyber security challenges, with some insights on how CTOs, or CISOs or those in charge of security, can overcome them.

Technological and human

Avishai Wool, CTO of Algosec, sees two categories of challenges.

Technological. “Technology is changing, and the adversaries are always finding new and interesting ways to use new technologies against us. Since technologies are being developed rapidly, and there are financial and other incentives on the side of the bad guys, we can see that we will be challenged for some time to come.”

>Read more on Algosec CTO looking to the future amid more complex customer needs

Human. “Organisations need to realise that the weakest link is the human. The weakest link of an organisation under a cyber attack is the staff. The mistakes that they make allow the attacks to succeed. In the vast majority of cases, human error is the culprit.”

“The security industry needs to find ways to either empower the users to defeat cyber threats, to automate around human inabilities, or to eliminate the human from the equation.”

Avishai Wool believes if the human can't improve, it should be removed from the security process

Avishai Wool believes if the human can’t improve, it should be removed from the security process

‘Big data stores create new security challenges’

Scott Gnau, CTO of Hortonworks, believes that the centralised nature of big data stores creates new security challenges.

“In every industry, organisations wonder whether they are getting full value from the massive amounts of information they already have. As data volumes continue to expand, they also take in an ever-wider range of sources.”

>Read more on Cyber security training

“Organisations want to extract value from that data, but the centralised nature of big data stores creates new security challenges; the data that was previously siloed and not delivering intelligence becomes a data compliance challenge and elevated security risk when correlated with personally identifiable data.”

“Traditional tools alone are not up to the task of processing the information the data contains, let alone ensuring it’s secure in the process. While controls need to be placed around the data itself, controls should also be placed around the applications and systems that store data.”

Could innovation come at a cost? Scott Gnau believes the use of data could bring a new set of security challenges

Could innovation come at a cost? Scott Gnau believes the use of data could bring a new set of security challenges

Keeping up with changing technologies

Sridhar Muppidi, CTO of IBM Security, identifies the fast-pace change of technologies – and the skills required – as one challenge of succeeding in cyber security.

“I have the luxury of speaking and talking to large numbers of customers. Surprisingly, a lot of customers are struggling with skills.”

“They are struggling with skills – not just regarding hiring the right kinds of people – but in keeping up with the changing technologies. How do you keep up with the best practices? You could be the smartest person today, but if you don’t keep up with the technology, it’s a problem.”

>Read more on Sridhar Muppidi, CTO of IBM Security, on the changing shape of innovation

“The second challenge is around context or understanding. No matter how many skills, if you don’t have the right level of information to make a decision, it’s no good. How do we understand the broader context, not just the market and the technology, but also in the information coming from multiple products that ‘I’ have within my organisation?”

“The third issue is speed. Many customers have about 80 different tools from about 40 different vendors. That’s a vast amount of data to harness. If I spot an anomaly, I need to go and research it before I can decide if it’s good or bad. Of course, I also need to do this in a concise period of time. The threat landscape is moving very fast and attackers are smart.”

The cyber security skills crisis is well documented. And, Sridar Muppidi feels it is a significant challenge

The cyber security skills crisis is well documented. And, Sridar Muppidi feels this is a significant challenge for the industry to overcome (among others)

The ‘growing cyber skills gap’

Jason Hart, CTO at Gemalto, also says that the biggest challenge facing the cyber security industry is the growing cyber skills gap.

“There’s no shortage of young people capable of pursuing a career in cyber security. But, the trick is to ensure we nurture their skills and guide them towards using their talents for good, rather than acting as black hat hackers. Thanks to institutions such as GCHQ, initiatives are now being run around the UK that are aimed at producing the next generation of cyber security experts.”

>Read more on Gemalto CTO: Beating ‘cybercriminals at their own game’

“As demand for these roles continues to increase in a post-GDPR world, governments, businesses and educators need to invest in these young people. Of course, they also need to train existing staff, use relevant solutions and be situationally aware, to remain secure and continue to comply with regulations now.”

The cyber security skills gap is an issue. But, Jason Hart believes opportunities are becoming more prevalent

The cyber security skills gap is an issue. But, Jason Hart believes opportunities are becoming more prevalent

Security needs a ‘multi-pronged’ approach

Uri Sarid, CTO of MuleSoft, believes that businesses have to treat cyber security as a multi-layered set of initiatives.

“It can’t be a separate initiative from other things in the business. It starts from security by design, which means that at the design of every system, there are security concerns being built in. You have to teach people who create anything, whether it’s new software, or whether it’s integrations, or whether it’s new APIs, the basic principles of security by design.”

>Read more on The present and future being equally important, according to MuleSoft CTO

“You also have to build things in a modular way, because the only way to achieve security in a distributed world is to have modules with well-defined intent. They tell you what it is that they’re doing, they tell you what kind of information they’re exposing, what kind of capabilities they enable. And then in the wiring, you can put in security best practices. It’s much easier to do it that way than to go back and retrofit a whole bunch of systems later.”

“You have to take this multi-pronged approach. It’s an educational approach, it’s an API-led approach, it’s a very intentional approach and it’s the best way to overlay more and more layers of security in the future.”

Security should be multi-faceted, according to Uri Sarid. And, security by design is crucial

Security should be multi-faceted, according to Uri Sarid. And, security by design is crucial

Work on a basis of ‘assumed compromise’

Michael Wignall, CTO at Microsoft UK, believes that organisations should work on the understanding that, at some point, they will be breached.

“In the cyberspace, the first thing to recognise is it’s asymmetric. Trying to protect our own estate, you need to protect it everywhere, whereas an attacker only needs to find one vulnerability and get in in one place. So, one of the core challenges is that you’re fighting an arms race where you in an asymmetric battle with the attackers.”

“Organisations need to understand and have a pragmatic view that if a hacker really wants to get into your network, they probably will. You have to work on a basis of assumed compromise, that you’re going to get breached at some point. So, you have to have a model to make it difficult for the hacker. A model that makes the costs of carrying out an attack more difficult harder.”

“You need to have a security lifecycle where you’re not just protecting your data, but you’re protecting when there’s a breach and then you’re responding quickly. Focusing on that full lifecycle of protect, protect and then respond has become more important, whereas historically, we’ve just focused on protection.”

Michael Wignall sees a range of cyber security challenges to overcome. But, always work on the understanding of ‘assumed compromise’

>Read more on Microsoft UK CTO on having both ‘technical and business outcome skills’

“The second challenge is the attacks are getting more sophisticated. The threat landscape is changing, and you can just read the press to see that it’s moved from the geeky hacker in the bedroom through to hacktivists, to organised criminals and nation states. The sophistication of the attackers has increased and that’s a core challenge for end users.”

“There are also some technological changes with artificial intelligence and machine learning, where a lot more of these attacks are just automated. And you can spin them up and target a set of IP addresses or domains, and it will go away and automatically try a set of vulnerabilities or automatically try to breach it. To face that threat, you need to almost use the same technology – like machine learning – to protect your estate.”

“The final point is that it’s got to be a board level issue. With compliance changes like GDPR coming into force, and the regulatory impact of a data breach, the issue of cyber security has become much more serious.”

“Educating the board and making sure they understand the importance of cyber security needs to be at the top of the agenda, like any other mission-critical capability. And that is another big challenge.”

Latest news

divider
AI & Machine Learning
AI marketing can drive customer loyalty to brands, finds survey

AI marketing can drive customer loyalty to brands, finds survey

17 October 2018 / A new survey has found that 41% of consumers will shun brands that send irrelevant [...]

divider
Releases & Updates
CA launches new AIOps platform to make self-healing applications a reality

CA launches new AIOps platform to make self-healing applications a reality

16 October 2018 / The CA AIOps-driven platform aims to correlate and analyse IT operational data and digital delivery chains, [...]

divider
Cybersecurity
National Cyber Security Centre releases Annual Review 2018

National Cyber Security Centre releases Annual Review 2018

16 October 2018 / The latest review from the NCSC reveals how it stopped Britain falling victim to almost [...]

divider
AI & Machine Learning
AI responsibility: Does business owe a duty to society as well as shareholders?

AI responsibility: Does business owe a duty to society as well as shareholders?

16 October 2018 / News straight in, shareholders are people too – at least they either are directly or [...]

divider
AI & Machine Learning
Being a CTO for a healthcare technology company

Being a CTO for a healthcare technology company

16 October 2018 / As CTO of Healx, Ian Roberts covers all areas of planning, business, opportunities, product and [...]

divider
Emerging Technology & Innovation
The top 10 strategic technology trends for 2019, according to Gartner

The top 10 strategic technology trends for 2019, according to Gartner

16 October 2018 / According to Gartner, a strategic technology trend is one with substantial disruptive potential on the cusp [...]

divider
People Moves
Pulsant appoints new Chief Operating Officer

Pulsant appoints new Chief Operating Officer

16 October 2018 / Pulsant, the UK provider of hybrid cloud services, has announced the appointment of Marion Stewart [...]

divider
AI & Machine Learning
What industries will AI impact the most — a CTO guide

What industries will AI impact the most — a CTO guide

16 October 2018 / As part of Information Age’s Artificial Intelligence Month, we are providing three CTO guides over [...]

divider
Business & Strategy
Ocado’s CTO Paul Clarke on managing technological innovation

Ocado’s CTO Paul Clarke on managing technological innovation

15 October 2018 / When Paul Clarke was named Tech Pioneer of the Year at the Tech. Awards 2018 last [...]

Do NOT follow this link or you will be banned from the site!

Pin It on Pinterest