We’re at RSA again today and it’s not just vendor hype or doomsday fear mongering...Winter is coming. Metaphorically speaking, of course.
We’ve been having some fun at RSA with Game of Thrones (yes, that is the Iron Throne in the North Hall of the Moscone Center), but one of the messages that keeps coming through is one that security professionals have been talking about for some time now: Winter is coming. Unfortunately, like the pleas for help and dire warnings that come from the Wall to the seven kingdoms of Westeros, the message has too often fallen on deaf ears.
The RSA Conference is a bit like Winterfell and the Wall. The folks here are the first to see the threats, the first to know about emerging trends, and the first to understand that we’re living and working in an inherently insecure world. Organizations hear about high-profile hacks and breaches in the news (not exactly ravens from the Wall, but close enough), but security has only become a priority after the “year of the breach”. In fact, it’s become a running joke at RSA when vendors refer to 2014 in those terms. Unfortunately, “the year that high-profile data breaches finally made it into mainstream media” just isn’t nearly as catchy.
The problem is that organizations are now scrambling to catch up with sophisticated, aggressive threats that are launched all the time, through countless vectors, and via social engineering that even savvy users fall for. No matter what the flashy booth signage here at RSA would have you believe, there is no single solution.
We’re hearing about encryption, user education, security as a service, slick new appliances, and cloud-based threat intelligence solutions. Endpoint security, cloud security, physical security...you name it. And each of these things has value. But the bottom line is that it 1) takes an ecosystem to secure an organization and 2) we needed to get our acts together on security yesterday (or a few years ago).
So what now? In Game of Thrones, years of war, ignorance, and arrogance have kept many of the realms from putting away sufficient stores of food for a long winter. With autumn in full swing, few will be able to put in more crops or fill their cellars with provisions. It’s simply too late, handily setting the stage for a few more exciting seasons. But this isn’t Westeros and it’s not TV. We may be scrambling, but we can address security in really intelligent ways, building systems and creating environments that our users and customers can trust.
Earlier this week, I wrote about security strategy. That’s a starting point. But the buzz and keynotes at RSA give us clues about the next steps. Incorporating threat intelligence solutions into your security (or ensuring that your vendors and providers do), building security education into your professional development programs, and taking multi-layered approaches to securing networks and endpoints will all bring you closer to a secure environment.
All of these things are true, whether you’re a large enterprise, a non-profit, or a small business, but they all take time and money. Organizations are still weighing whether the cost of the breach or the cost of comprehensive security will have a greater impact on their bottom lines. But if we’ve learned anything from RSA (or the Starks and their family motto), breaches and hacks are going to keep coming. It’s not just the impact of one breach that we need to worry about but the impact of working and living in an insecure environment where the next threat is just around the corner. And where winter is coming.