O’Brien, CEO and Founder GreatHorn
pleasure of moderating a panel discussion at the recent MassTLC Security event,
held at the Federal Reserve in Boston. Scheduled as the closing session for the
day, it was an opportunity to dive into the topic of “Conquering the Next
Frontier” in the cybersecurity space, alongside a fantastic group of
speakers, representing a diverse cross-section of experience, expertise, and
perspective: Kate Driscoll (Chief Compliance Officer of Minuteman Health),
Harold Moss (Senior Director of Security Strategy at Akamai), Chris Zannetos
(CEO of New Light Advisors and formerly CEO of Courion Corporation), and
Sam Bisbee (CTO of ThreatStack).
emerged in our conversation was the idea that security is in transition,
shifting away from being technology-centric and becoming a question of culture,
from end-users through to CISOs. Kate opened this thread up, describing how
Minuteman Health has fundamentally aligned its operations around security and
compliance, a discussion that impacts everything from vendor selection to how
threat data is shared, analyzed, and acted upon.
Chris and Harold both weighed in as well, describing how fundamental shifts in
responsibility, such as CISOs increasingly reporting to CFOs, were having ripple
effects across the industry; Chris mentioned that regular users and consumers
were being handed a growing degree of responsibility for taking appropriate
action when confronted by modern threats, such as spear phishing and credential
misuse. This evolution in thinking coincides with the democratization of access
to technical resources, and the lines between personal and professional devices
continue to blur.
In looking at security in this new landscape, Sam noted how advanced protection
of cloud environments has led many organizations to adopt managed security
models, wherein automated threat identification is coupled with
around-the-clock expertise, dramatically reducing the number and severity of
“unknown unknowns” that threaten critical infrastructure.
In thinking through these points, and taking the liberty of looking ahead, I
believe that the threats modern companies and institutions face will only
become more sophisticated. Even a cursory glance back at 2014 and 2015 reveals
an unending stream of major data breaches, and unlike years past, these attacks
have largely not been initiated with sophisticated malware or low-level system
exploits. Instead, we are seeing that non-technical users are the principal target
for today’s attacks; if we are to remain nimble, we must change not only our
security tools, but also where we choose to focus our attention. Effective
defense means understanding not only where criminals are attempting to break
through our defenses, but also how: by undermining that softest of targets, the
of security is, perhaps, a return to first principles: awareness,
responsiveness, and appropriate protection that defends without impeding the
flow of business.
hear more follow-up and next steps for growth and support of the security
community within the next few weeks.