At this year’s RSA Conference in San Francisco, I grabbed some time with Dr. Richard Ford to ask him about his advice for CISOs, how behavioral analytics are shaping cybersecurity strategy, his takeaways from the conference, and to tell us a little bit about his presentation, “Who Watches the Watchers?” Below are the videos along with transcriptions of each.
Advice for CISOs – Share the Load
If I were sitting down with a CISO and had the chance just to share a few thoughts, I think the piece of advice I’d give, the thing that’s top of mind to me, is this is a really, really hard job, and the only way through it is to share that load. As the CISO, often there’s a tremendous burden. You have to deal with digital transformation, you have to deal with letting the business accelerate, you also have to make certain -- in a difficult and complex regulatory environment --that you’re protecting the “crown jewels” of the company, effectively. You’re protecting the employees; you’re protecting the data. So that’s a really heavy burden.
And as everybody knows: How do you pick up something really, really heavy? You find a few friends and you lift it together. As a CISO you have to find those partners in the business. They might not be on the technical side of the house. It could be the chief HR officer or the general counsel or the DPO. Team with them, and let them become collaborators in sharing that load. Because you can’t do it alone.
Indicators of Compromise
Indicators of compromise. Who doesn’t love them? Well, actually, I don’t. Indicators of compromise, or IOCs, are really useful for stopping untargeted attacks or detecting how you’ve been broken into, but that’s after a lot of the bad stuff has happened. That’s why so much of the research I’ve been doing over the last couple of years has been around human-centric behavioral analytics. Because what we can do by studying behavior is not be tied down to specific IOCs which are always lagging the threat, but get ahead of the threat, so when we see those behaviors that are concerning, we can stop, we can step in, and we can provide mitigations to those threats.
It’s exciting, and it finally puts us off the back foot, off that defensive posture, and to somewhere where we’re being more proactive.
‘Better’ Theme at RSA
The theme at this year’s RSA conference is “better”, and I actually really like that. It resonates with me, it reminds me why I got into the security industry in the first place, and I want to do that better. It’s not about numbers, it’s not about ones and zeros, it’s actually about protecting human beings. And when you look at it through that lens you feel very strongly incentivized to do your job better.
That applies not just to the people who are on the front line of security and the title, but on every end user who’s involved in using sensitive data, because we all need to do a little bit better, and we need to start that inside the industry first. Because if we don’t do better, our users can’t do better.
Who Watches the Watchers?
When we think about theft of corporate data, we often think about an outsider coming and stealing it. But in fact, one of the most likely ways it happens is an insider taking that data. And that’s doubly complicated when it’s an insider who uses that data every day. Fortunately, there are some pretty good solutions, because as human beings we’re quite predictable.
Humans often display red flags for fraud, for example. One of the classic ones would be an employee who appears to be living well beyond their means. Using analytics to detect those red flags we can actually get in front of the threat, and protect that data, while also being respectful in how we’re monitoring our employees in what we do with those systems.