secure connection or cybersecurity service concept of compute motherboard closeup and safety lock with login and connecting verified credentials as wide banner design with copyspace area - Generative AI

The State of the Industry With Security Expert Matt Johansen

April 30, 2024
Written by
Ed Bailey's Image

Ed Bailey is a passionate engineering advocate with more than 20 years of experience in i... Read Morenstrumenting a wide variety of applications, operating systems and hardware for operations and security observability. He has spent his career working to empower users with the ability to understand their technical environment and make the right data backed decisions quickly. Read Less

Categories: Learn

In this livestream, I talked to security expert Matt Johansen, a computer security veteran who has helped defend everyone from startups to the largest financial companies in the world. We talked about the current state of cybersecurity, why attacks are on the rise, and what can be done to prevent threats in the future. Matt’s blog covers the latest news in cybersecurity and also touches on mental health and personal growth for tech professionals.

Even though cybersecurity has gotten significantly more advanced over the last decade, in a lot of ways, we’re still failing at the basics. Threat detection and response capabilities are infinitely better than before, yet we’re seeing more successful breaches each year.

So, if enterprises are investing more than ever in cybersecurity, why are cyber attacks still on the rise?

Uncertainty Around Which Vulnerabilities to Prioritize

One reason that the improvements aren’t reflected in the statistics is that it’s not all that clear which vulnerabilities should be fixed first.

Many organizations rely on the Common Vulnerability Scoring System (CVSS) when they might be better off throwing a dart at their pile of vulnerabilities to try to find out where they’re most susceptible. For example, a vulnerability with an exploit in Metasploit may be a better predictor of use in a future data breach since attackers don’t need to write their own buffer overflow or reverse shell.

Inconsistencies Across Organizations and Industries

The talent gap is also a big issue. Even organizations that you think would have access to the top of the security talent pool are struggling. Last September, two casinos in Las Vegas were both hit with the same attack, by the same threat actors, in the same week, and then issued a ransom — MGM was able to shut it down quickly, but Caesars ended up paying $15 million.

Shifting Attention to High-Stakes Targets

Threats these days are often directed at soft targets with high stakes and a lot of data sitting behind them. You’ll see ransomware get deployed at hospitals and schools because attackers know that threatening to take an entire hospital offline means an increased likelihood of a payday.

More Sophisticated Attacks Are Difficult to Prevent

In some cases, attacks are getting more sophisticated — like when hackers stole a digital key from Microsoft and gained access to US government emails. Attackers are on the same trajectory as the people trying to deter them. We’re all learning new tricks and getting access to better tooling at similar rates.

Increased Interconnectivity Exposes Organizations to More Risk

In the past, enterprises typically only had their internal apps and a handful of customer-facing ones. Fast forward to today, and it’s not uncommon to have hundreds, if not thousands of SaaS apps that employees use to complete their day-to-day tasks.

With additional apps comes the sharing of more information with outside vendors that would normally have only been in-house. Even authentication services have become SssS services — so when one account gets compromised, attackers can get access to all of the internal boxes, databases, and apps that one account is gating. Turning off access to all of these different pieces is a struggle, even for the best security admins.

Data Chaos Is on the Rise

Security has another big problem — data is growing at a 28% CAGR. It’s a struggle to manage high-volume, high-velocity data. Storage is a nightmare, and bad data ends up driving bad detections. Threats get lost in endless lists of alerts, and if a breach does occur, investigating the incident distracts admins from other important tasks and ends up costing a significant amount of money to reprocess and dig through any relevant data.

This is such a big problem, that when Microsoft’s incident occurred, they didn’t even have the logs they needed to look through. Microsoft not only has one of the best security teams, but they’re also a storage provider themselves — if they aren’t able to manage all their data, how will the rest of the industry handle it?

Security by Default Can Reduce Risk

Traditionally, security teams are the ones running tools, finding problems, and sending PDFs over the fence with a list of things to fix. Whether it’s done in house, or by a consulting shop that just hands over the pile of problems they found, the process has always been pretty detached from the actual team building the products, moving the money around the business, or managing the data.

Security can’t just be the job of the security team, it needs to be part of everyone’s day-to-day job. To be able to identify vulnerabilities earlier in the SDLC, the easiest, cheapest, and fastest way to do things also needs to be the most secure way. You need to make security part of the developer experience so that you aren’t constantly fixing and fixing security vulnerabilities later.

Organizations need to think about how to build guardrails and pave the roads to production so security is baked into everything an organization does. It takes an investment in both technology and culture.

Can your developers push new code and fixes quickly, or is there a system in place with six-month release cycles that slows that process down to a crawl? Does the rest of the organization feel like they have some ownership in security? Every time someone opens an email and decides whether or not to click a link, they’re making a security decision for the organization.

Build the foundation for security from the ground up so you can spend less time being reactive and fighting fires — you’ll be less likely to encounter problems down the road.

 


 

Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s suite of products to collect, process, route, and analyze all IT and security data, delivering the flexibility, choice, and control required to adapt to their ever-changing needs.

We offer free training, certifications, and a free tier across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started and continue to build and evolve. We also offer a variety of hands-on Sandboxes for those interested in how companies globally leverage our products for their data challenges.

.
Blog
Feature Image

Cribl Stream: Up To 47x More Efficient vs OpenTelemetry Collector

Read More
.
Blog
Feature Image

12 Ways We Sleighed Innovation This Year

Read More
.
Blog
Feature Image

Scaling Observability on a Budget with Cribl for State, Local, and Education

Read More
pattern

Try Your Own Cribl Sandbox

Experience a full version of Cribl Stream and Cribl Edge in the cloud with pre-made sources and destinations.

box

So you're rockin' Internet Explorer!

Classic choice. Sadly, our website is designed for all modern supported browsers like Edge, Chrome, Firefox, and Safari

Got one of those handy?