CIOs and CISOs must work harder to innovate on measures to counter new cybersecurity threats. This is the claim of several senior names from the tech vendor community following calls from US President Joe Biden for enterprises to do more to tackle cybercrime.
Against a backdrop of steadily rising ransomware attacks and other cyberthreats, the Biden Administration recently called a White House summit to address the issue. The event brought together a range of companies, including insurers, banks and energy businesses, as well as big names from Silicon Valley. Biden used the occasion to urge the private sector to prioritise cybersecurity as a central part of efforts to maintain business continuity.
“Recent attacks have underlined the need for more concerted action across industries,” he said. “Cybersecurity is a security and economic security imperative for this Administration and we are prioritizing and elevating cybersecurity like never before.”
Biden’s plea has been widely welcomed by leading names across the cyber protection ecosystem. “Do CIOs and CISOs need to be doing more to innovate in the face of mounting security threats? Absolutely yes,” said Tom Kellermann, head of cybersecurity strategy at VMware. “Given the new threat landscape we all find ourselves in, CISOs should be elevated to directly report to the CEO so that the defensive mindset truly begins at the top.”
Kellermann said he is pleased to see organizations beginning to prioritize cybersecurity, but added that it should come as no surprise that defenders are struggling to counter today’s complex attacks: “Despite their best efforts, gaining visibility into new environments such as the cloud, containers, and business communication applications is proving to be an uphill battle,” he said. “Maintaining cyber vigilance within an organization will be key for CISOs to protect their environments properly.”
Gail Coury, Senior Vice President and Chief Information Security Officer with F5 Networks, agrees that innovation is critical to maximise protection: “We’re expanding our advanced AI and analytics capabilities to enable our customers to adapt quickly to changing threats while not having to rely on human intervention,” she commented. “This dual approach will help accelerate new ways of securing and enhancing the performance of every application, across any cloud.”
TK Keanini, Chief Technology Officer with Cisco Security, said he believes the COVID crisis has been an important driver of new enterprise thinking on security: “The idea of Zero Trust, which was largely academic prior to the pandemic or popular within niches, is now a reality,” he pointed out. “Zero Trust architecture is the new way forward. And it fits the new way we will all be doing business. The Internet has become the network, the cloud the data centre, and identity is now the new perimeter.”
Kellermann of VMware added that there are some specific areas of innovation that he believes are critical and which can be tackled immediately: “First and foremost, security needs to expand across all workloads, containers, and Kubernetes environments,” he explained. “Applying micro-segmentation slows down the adversary’s ability to move laterally within the organization, which has the ability to cause extensive damage. It is also important that security teams have the ability to track adversaries on the move. Today’s attacks do not have a distinct beginning or end, with many adversaries conducting reconnaissance to learn as much as they can about organizations while moving covertly throughout a target’s network. Implementing just-in-time administration and multifactor authentication on all external assets can significantly reduce this risk. Lastly, CISOs and security leaders must activate a weekly internal threat hunting program. If implemented across all employee devices, this program can detect behavioral abnormalities, as adversaries can maintain in an organization’s system for an unknown amount of time.”
Some of the world’s biggest tech companies used the White House summit to announce major spending on innovative methods for securing tech systems, while stepping up efforts to address a severe talent shortage in the cyber protection industry. They included:
- Apple which announced it will establish a new program to drive continuous security improvements throughout the technology supply chain
- Google announcing a budget of $10 billion over the next five years to expand Zero Trust programs, help secure the software supply chain, and enhance open-source security
- IBM pledging to train 150,000 people in cybersecurity skills over the next three years
- Microsoft investing $20 billion over the next five years to accelerate efforts to integrate cyber security by design and deliver advanced security solutions
Responses