“Organizations need to continue to improve their security stacks, observability, patching and response processes to more quickly identify issues before they become persistent.”
As the chief technology officer at Hyas, Dave Mitchell has the unique ability to identify anomalies in nearly any piece of network traffic that other people can’t see. In fact, he notified several companies with Log4j vulnerabilities before they even knew they were involved, he tells Spiceworks News & Insights’ Technology Editor, Neha Kulkarni.
In this edition of Tech Talk, Mitchell notes that a common but unfortunate cybersecurity approach right now seems to be CISOs waiting for the latest cyber threat to be exposed and then rushing to protect their enterprises. “It’s clear this strategy is not working,” he points out. Mitchell sits down for a discussion with the goal of helping the cybersecurity industry get back to basics and understand how to address its security posture holistically.
Here are the edited excerpts from our exclusive interview with Dave Mitchell, chief technology officer, Hyas:
Dave: I believe the challenges remain the same since we’re continually losing to the same attacks over and over. Organizations need to continue to improve their security stacks, observability, patching and response processes to more quickly identify issues before they become persistent.
With the growing number of credential theft attacks via phishing, smishing or malware, I do feel the need for hardware authentication keys (FIDO) is becoming more of a necessity than previously.
Dave: Great question – I think there are two real issues here. The first is the common reaction to firing a CISO the minute a breach occurs – it’s impossible for a CISO to really deploy security architectures and processes when their average tenure is 18-24 months.
“Secondly, I believe CISOs are overwhelmed by the number of security products in the market offering to save them from all attacks – there is no such product, and it feels like they don’t know what vendors to trust which precludes them from making significant changes.”
Dave: The cloud is no different than running your own datacentre – the same issues apply, just with more complicated authentication and access controls.
“Misconfigurations are the easiest way to leave a door or window open for attack and this seems to be the most used vector.”
The cloud is only as secure as you make it, and it requires continuous monitoring to verify that the controls in place are working.
Dave: AI & ML mean everything and nothing at the same time. While I do believe using ML on targeted datasets can uncover interesting anomalies, neither is going to bring about some security panacea.
“Security operators are and will be critical moving forward and require actionable, contextual data to succeed.”
Dave: Every organization needs a business continuity plan – these plans include all the critical items to restore operations in the event of an emergency, security or otherwise. Backups, both of data and systems/applications and out-of-band access to equipment are just two of the many pieces that go into a real plan.
Dave: I believe we’re already at the point where we need a huge paradigm shift, due to the amount of social engineering and phishing attacks proving that our current MFA solutions are not going to suffice.
“I suspect many more organizations will begin moving corporate and production authentication to hardware-based MFA, like FIDO keys.”
In addition, observability across both managed and SaaS infrastructure will become a necessity, as the perimeter is a continually moving target.
About Dave Mitchell
Dave is responsible for the technical vision at HYAS. His experience, as both a team player and entrepreneur, is first class. He helped build and secure web-scale networks, including TWTelecom, Yahoo!, and Twitter. He also founded Singularity Networks, which was acquired by Cisco in 2019.
HYAS is a valued partner and world-leading authority on cyber adversary infrastructure and communication to that infrastructure. We help businesses see more, do more, and understand more about the nature of the threats they face, or don’t even realize they are facing, in real time. Our vision is to be the leading provider of confidence and cybersecurity that today’s businesses need to move forward in an ever-changing data environment.
About Tech Talk
Tech Talk is an interview series that features notable CTOs and senior technology executives from around the world. Join us as we talk to these technology and IT leaders who share their insights and research on data, analytics, and emerging technologies. If you are a tech expert and wish to share your thoughts, write to [email protected]
Technology Editor, Spiceworks Ziff Davis