Singapore: In the wake of the increase in cyber security attacks, RSA’s President Rohit Ghai took the stage at the opening session of the RSA Conference in Singapore on July 26 and underlined the need for a change in the approach to security. He said, “The threat landscape is unprecedented. Today’s cybercriminals are bolder than ever and they almost never get caught.” RSA is the security division of Dell EMC.
By 2020, there will be more than 50 billion devices, and with the increase in the number of connected devices, there will also be an increase in security issues.
“In the next 10 years, a trillion plus lines of code will be written by organisations who have written zero lines in the past. These organisations include companies that make toasters, pacemakers, trucks and sell insurance. What we protect now resembles an ever changing complex living organism,” Ghai added.
Reiterating the need for change, Ghai explained that the answers to these security issues lie in a business-driven strategy, as cyber security is now a business problem. “The board of directors, the policymakers, and the regulators now want to participate in making the security infrastructure,” he added.
Ghai believes that organisations should now shift focus from threat management to risk management. “We are outnumbered, so we must band together – both humans and machines. We need to pay attention not to just the technology of defense, but to the psychology of defense. The advantage that we have is our knowledge of our business context. That is the sense of idea behind business driven security. In a world where the enemy is strong, business driven security can give you the precision advantage,” he said.
“We have to get closer to other IT teams to sediment security into the infrastructure to make it more resilient. We need to give our machine learning and AI systems a headstart by feeding them with what the IT provisioning and system management tools already know. By acting precisely, we can manage risk,” Ghai added.
He laid down three areas of interest that security professionals should look at to bring about a business-driven strategy:
Language: To engage the business team, information security officers need to use a language that the stakeholders can identify. There is a communication ‘gap of grief’ between business and security teams, Ghai highlighted. “All business leaders want to translate cyber risk into business risk. We need to use business language to communicate to them,” he said.
Prevention and personalised strategy: Move away from one size fits all and have a personalised approach that is unique to the organisation as everyone’s needs are different, Ghai explained.
Participatory approach: Ghai said this will bring about more engagement and make sure we are on the same page as our business stakeholders.
Dr. Hugh Thompson, Chief Technology Officer, Symantec, also addressed the audience on how analytics can transform security. “If we get very good at analytics, we can start to build tech that can truly adapt around a human being.”
Thompson explained that analytics can transform IoT security, incident response, and security at work and home. “If we get very good at analytics, it can help in the identification of a potential attack by identifying conditions that will make an attack likely,” he said.
Chris Carlson, VP of cloud security, Qualys, underscored the need for organisations to make a big shift to secure digital transformation and for security leaders to integrate with DevOps. “By shifting time, techniques, and tools, you can change the landscape to create business value,” Carlson added.
“Organisations are about to go on a mind-blowing digital adventure. Our goal is not to avoid adventure, but to make sure we are vigilant,” Ghai concluded.
The writer was hosted by RSA Security in Singapore.