A panel of experts holding a variety of positions in the industry chatted about security and threat innovations on Thursday at the New York Institute of Technology (NYIT) 6th Annual Cybersecurity Conference in Manhattan.
On the security front, one problem Dell SecureWorks is seeing is attempts by organizations to protect everything the same way – a tactic that, Allison Wikoff, intelligence analyst and security researcher with the firm, said will just not work.
“What is most important to you?” Wikoff asked. “Chances are it will be most important to your adversary too.”
Innovative solutions that focus on rapid response are pivotal to defense, Rob Evans, director of business development for air command and control solutions with Northrop Grumman's Division of Information Systems, said.
“Speed will be the key to achieving the strategic advantage in cyber space,” Evans said, adding later that individuals should never be convinced they are so well-defended that they never have to worry about the prospect of being attacked.
Monique Marrow, chief technology officer of Cisco, agreed, adding that real-time analytics are critical. She said that the best way to keep up with evolving threats is to develop best practices and stick to them.
So, what are those evolving threats?
John Kimmens, senior security director of iconectiv, expressed concerns with cloud security and went on to ask a variety of hypothetical questions: How do I know where my data is? Is my data protected? Who is accessing my data?
Other problems, Kimmens added, include software integrity and insider threats.
Wikoff said that she and her team at Dell SecureWorks have been having conversations about attacker motivation versus intent. She explained that researchers are seeing an increasing number of groups that purport to be hacktivists, but are actually using techniques similar to nation-state actors.
Meanwhile, there is just no denying the human element.
“Humans make mistakes,” Sabine Schilg, vice president of the security division of IBM and moderator of the panel, said. She explained that it is important to have a system in place that helps raise the awareness level, thus minimizing security incidents due to errors.