In Berlin, this year’s Cisco Live event is currently under way. Cisco Live is an opportunity for the world’s most important Information Technology, networking and communications professionals to come together and discuss IT for education and training purposes.
At this year’s event, 1000 top chief executives were polled by Cisco to find out whether they think that complying with cybersecurity regulations is slowing down the pace of their business. Of those questioned by the survey (which will be published next month), 71% have agreed that paying due care and attention to cybersecurity is indeed responsible for slowing down the momentum of business and cutting into company profits.
Talking at Cisco Live this week, Craig Williams, senior technical leader at Talos, commented that he believes we can expect to see a massive shift in the way that cybersecurity is handled over the next five years. A symptom of this change, he says, is that many people currently working in the field may indeed be made redundant, or choose to move into different areas,
‘A large percentage of the engineers out there will probably be doing something else, I think security has moved away from being something that involves configuring a firewall to something that is more data and analytic-driven. I think a lot of [security professionals] will make the shift but a lot of them won’t.
If you don’t like constantly learning about security, you are probably in the wrong business.’
The director of Cisco EMEA also reinforced William’s opinion when he spoke at the event. He concurred that the nature of security was changing rapidly and that he foresees automation being increasingly more important in the future: freeing people up ‘to do more intellectual activities’ he said.
While cybersecurity failures can be incredibly costly for businesses, it is understandable why company executives would find keeping systems safe a nuisance. Especially, when hackers find ways to break into systems despite vast amounts of money being spent to shore up those systems.
Sadly for executives, not being seen to do enough to keep both employee and corporate data safe (as well as any sensitive customer data), is simply not an option. Just look at firms like Talk Talk, who suffered hacks more than once despite attempts to shore up systems between hacks. Then there is the problem of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems being hacked – a truly modern phenomenon.
‘The overwhelming majority of attacks today are carried out by well-resourced, highly motivated attackers who are often accomplished software engineers working for cybercrime syndicates on other continents. Business competitors and nation states are the latest cyberwarfare participants, as the battleground has expanded to include manufacturing facilities, entertainment companies, and critical infrastructure’ comments Sven Schrecker.
It is for this reason that cybersecurity startups like Phantom Cyber are receiving so much funding. Phantom Cyber wants to overthrow the antiquated method of dealing with security manually. Oliver Friedrichs, the company’s CEO, believes that there is never going to be enough security professionals to keep up with the need. Apparently, top executives agree, because Phantom Cyber counts amongst its investors John W. Thompson, former CEO of Symantec, Thomas E. Noonan, former CEO of Internet Security Systems (ISS) and John C. Becker, former CEO of Sourcefire. High profile investors indeed.
‘Around the world we see major players, like the US and Europe, building up their ranks of cyber security talent. Corporates are doing the same. Australia simply does not have enough homegrown cyber security talent to protect our country. We must import it while simultaneously cultivating it here on our own soil.’ commented Carlo Minassian the CEO of cybersecurity company Earthwave last year.
When one considers the fact countries like Australia are calling out desperately for cyber security professionals, and that there simply are not enough around to battle the highly skilled cybercriminals out there, then one begins to understand why automating cybersecurity is so important. The problem is not limited to Australia either, it is the same worldwide, and, unfortunately, University curriculums are not teaching the practical skills necessary to combat the ever escalating problem.
When cybercriminals keep finding ways to get past security measures (often using social hacking techniques such as phishing in order to gain low-level access that is then escalated to administrative level), it makes bosses furious. Particularly, when those executives are aware that trying to shore up their firm’s systems has cost a lot of money, and slowed down the pace of business. For those managers, effective cyber security automation can’t come quickly enough.