WFH Series Finale: What is Cybersecurity’s Endgame?

The finale of a four-part Work From Home cybersecurity series was recently organised by the Cybots Alliance. The question it wanted to address? What the endgame of cybersecurity, for cyber defenders, might be.

Moderator and Cybots Alliance Executive VP, Rodney Lee, kicked things off with a summary of the first three webinars. The first webinar looked at risks and addressed points in an ISACA survey which was conducted during the current coronavirus pandemic.

There was an overall observation that organisations know where attacks are coming from and the countermeasures to take, and yet, “many of the organisations that are mentioned in the breach, are still being breached”, Rodney said.

He explained, “These are the people that did all the right things, bought all the right firewalls, all the equipment required… and they even bought in accordance with (recommendations by) the analyst that created the Magic Quadrant.

“From all this, the question to us is ‘How fast can you defend?’”

Maybe the answer lies in the delicate orchestration of the 3 Ps of Product, Process and People.

Part two and Part three focused on considerations for visibility and incident response, with visibility defined as the ability to see the threat, secure the threat, and also sense the threat before it even reaches our doorsteps.

Rodney observed, “We consider visibility as the key to unlocking the ability to defend.”

But there is a huge variety of brands, devices and operating systems, and a huge volume of logs and reports to work through. Rodney pointed out, “The timeline is too short, there is not enough time to respond.”

The landscape also demands that incident response be faster than it currently is. For example, Thailand’s new personal data law announced last month requires breaches to be reported within 72 hours of them happening.

Endgame for cyber defenders… and end users

With the four considerations outlined above, what is cybersecurity’s endgame?

The line-up of panellists, comprising REA Group’s Nigel Rodriguez, Sarawak Information Systems’ Dan Fadalini, Cybersecurity Malaysia’s Mohd Zabri, EC-Council’s Maninder Singh and yours truly, gave our views on the questions that the moderator posed.

During the discussion, a question came from the floor which segued into the webinar’s Question of the Day. The attendee asked: Have you seen a sudden shift in security priorities? Please explain.

EC-Council’s Maninder Singh and Dan Fadalini from Sarawak Information Systems echoed each other’s responses: the focus of cybersecurity should be to minimise impact, respond fast and recover quickly. In other words, resiliency.

Rodney also added, “Sometimes as cybersecurity protectors or practitioners, we come into the business, we come into our responsibilities with a mindset that is probably wrong. That could be, ‘We are here to put in the solutions.’

“At the end of the day, we realise that’s not why we are here. We must be able to know the security priorities that we have. Maybe the answer is to stop giving hackers time. As Maninder and Dan said, the endgame is not about prevention… so, could the endgame focus be incident detection?”

And where do the needs of the business and end users come in?

Cyber defenders have their roles to play, but what do end users say about the cyber risks which they face every day? The popular perception is that end users should do their part and practise at least basic cybersecurity hygiene.

Don’t use simple passwords, always update/patch your apps, don’t click on suspicious links.

These are just a few of the main hygiene mantras that seem so simple and yet are quite difficult to practise. For example, how do you tell a secretary or an HR exec or a marketing exec, whose task involves emails, to not click in their emails?

With end users’ use of technology so fraught with risks, and navigating technologies akin to navigating a landscape full of landmines, how are these users of technology supposed to do their jobs?

Does it boil down to more training and more simulations for these users?

Can that help organisations to achieve resilience and enable their users to Fail Safely?

Perhaps the answer lies in a mindset that prioritises security-by-design. Perhaps it is not just cybersecurity that is the endgame, but every ‘game’ that has to do with IT has to start with cybersecurity.