Today the White House hosted a cybersecurity summit to address the rolling headline-making cyberattacks. According to news reports, the federal government and several major technology companies announced numerous important initiatives, including better integrating cybersecurity into their products (Microsoft and Google), improving cybersecurity training (IBM), and developing a new framework for improving cybersecurity for technology supply chains (NIST).
While there has already been some criticism that the event was more symbolic than policy-driven, all of these measures are important steps towards solving the cyber crisis in which we find ourselves.
Now, let’s push this conversation to the next level. We still have a $10.5 trillion problem to solve and need to share our collective industry insights and innovation. As former Cisco Chairman and CEO John Chambers remarked in his interview with Yahoo! Finance today, “The startups are where the innovation happens.”
Public and private enterprise have an obligation to think bigger, innovate faster and ultimately evolve our collective cyber experience. A few thoughts…
Develop a New Mindset: Over the years, the security industry has pushed a mantra – ‘it’s not if you have been hacked, but when you have been hacked’. That might in fact be true. But why do we always stop there? Isn’t that statement a bit defeatist by nature? Let’s overcome this reactive way of thinking about cybersecurity and invest in technologies that deterministically prevent 100% of cyberattacks.
Secure Software: Start implementing security controls in the ideas phase. For software already in production, don’t settle for anything less than zero adversary dwell time. The goal is 100% efficacy and it’s the difference between the exhaustive list of recent cyber headliners and total protection across all of our software.
Optimize Current Workforce: The government needs to hire hundreds of thousands more cybersecurity practitioners. Don’t stop there. On the other side of this coin lies the need to automate complex and archaic cyber practices, drive out unnecessary human intervention and create an environment of prosiliency. Focusing on optimizing what resources we already have will greatly impact the effectiveness of current government security professionals by reducing complexity and streamlining processes.
Invest in Innovation: The federal government must invest in new, innovative solutions and approaches that challenge today’s cybersecurity paradigm. We’d be hard-pressed to deny the fact that the vast majority of innovation comes from start-ups, not big tech.
Protect Legacy Systems: We still have to protect the base while we innovate in new and exciting ways. Billions of dollars continue to be spent on keeping legacy software systems alive. They’re still a prime target for today’s cybercriminals and that won’t change for some time, so let’s fully protect them—bugs and outdated versions included—while we change our paradigm.
In the meantime, we will continue to follow the expected outcomes of today’s meetings and welcome the opportunity to share our unique perspective in future private-public collaborative endeavors.
Kevin Jones is the VP Public Sector and Corporate Development at Virsec and has deep experience in the cybersecurity and government market. Prior to joining Virsec, he led Public Sector and government strategies in senior positions with CrowdStrike, SkyHigh Networks, Symantec, and Clearwell.