Where are you on the security maturity curve? X-Labs at Infosec19
You may have seen last week’s blog showing how Forcepoint X-Labs is bringing the principles of cognitive science to cybersecurity at the Infosecurity Europe 2019 conference.
During that conference I also had the opportunity to discuss how we are bringing Forcepoint’s human-centric approach to cybersecurity.
Thinking About Thinking: Exploring Bias in Cybersecurity with Insights from Cognitive Science
閱讀報告I sat down with Raef Meeuwisse, ISACA expert speaker and author of "CYBERSECURITY for Beginners" and "How to Hack a Human: Cybersecurity for the Mind", to discuss how organisations like yours can protect data in the cloud.
If you weren’t able to catch the live stream on the day I’ll share a recording at the foot of this blog (refer to the link to "How to protect your data in the cloud").
The conversation began with an update on Forcepoint’s offerings, it’s a little product heavy but we soon got into a discussion of how putting people at the centre of your security strategy can help you to escape the cat-and-mouse game. We call it the cat-and-mouse game as a traditional threat-centric approach means the advantage is constantly shifting between attackers and defenders with both being reactive to each other.
We soon progressed to discussing how machine learning and risk adaptive technologies can offer scale and insights that can help make sense of the modern threat landscape; a threat landscape that demands you consider the risk posed by an insider.
Security Maturity Curve
When you attend such conferences and exhibitions I appreciate it is difficult to prioritise which vendors you should be speaking to. I spoke about a Security Maturity curve to help zoom in on the cybersecurity solutions that might be appropriate for your business needs right now and in the future. Currently you may be using out-of-the-box cloud tools for email only, be adopters of Office365 or you may already have custom applications running on AWS. The challenges you have can be solved with a base-level of solutions. The “basics” that form a security posture 10 years ago are very different to the essentials required nowadays. In years past Web Security, Email Security and a dash of DLP would help fend off threats from external attackers, but in today’s digitally-transforming cloud-based organisations a large helping of CASB, behavioral analytics and risk adaptive protection can help provide the visibility and control necessary.
Our work in Forcepoint X-Labs helps to highlights activities that are a precursor of an attack or accidental cybersecurity incident. If you see security as a positive thing, an enabler for your business and wish to understand how our research projects can optimise security for individuals you can read about our current research initiatives.
My key recommendations from the discussion:
- Examine where you are on the Security Maturity curve (contact Forcepoint to help).
- Perform gap analysis for your existing solutions? What don’t you have visibility and control over?
- Discuss cybersecurity with your Board to identify their requirements and to demonstrate your innovation to escape the cat-and-mouse game.
Panel: Protecting Against Phishing, Ransomware & Social Engineering
Raef also hosted a panel discussion between cybersecurity experts seeking to defend from phishing, ransomware and social engineering. 46 minutes isn’t long enough to capture all of the combined knowledge of the 5 speakers but we touched on the following topics:
- The most prevailing cyber threats businesses face in 2019
- Lessons from cyber attacks and strategies for protecting against them
- Solutions for faster breach detection and response
- Why network visibility is key
- Recommendations for improving enterprise security
We focussed on the challenges that businesses face in locating their critical data and thus protecting it – especially when that data now exists in the cloud or is being transferred to the cloud. We also discussed the value of user credentials and the abuse that might occur from external attackers or indeed insiders (employees, contractors and other third-parties).
I referenced statistics and findings from the Verizon Data breach Investigations Report 2019.
Raef referenced ISACA’s State of Cybersecurity 2019 report.
Our conclusions? Attackers will always attack; user will always make mistakes. Take care to examine the behavior of users to escape the cat-and-mouse game.
FREE Cloud Threat Assessment Report
If you’ve read this far I feel as though I should offer you a free Cloud Threat Assessment to help you identify the cloud-application usage we have mentioned in both discussions. Forcepoint can help you with a free in-depth assessment. You can register here.
Recordings now available
The recordings of the discussions are now available if you didn’t get chance to see them at the show or catch the live stream on the day.
How to protect your data in the cloud: https://www.brighttalk.com/webcast/15683/355183
Panel: Protecting Against Phishing, Ransomware & Social Engineering https://www.brighttalk.com/webinar/panel-discussion-protecting-against-phishing-ransomware-social-engineering/