Each year top CISOs and high-level government officials make the pilgrimage to events like Black Hat and RSA Conference to share their views on the current threat landscape and the state of cyber security. As we embark on this year’s conference season, let's have a little fun and see if we can predict what topics will be discussed on the keynote stages. Here are a few that come to my mind:
“Already massive DDoS attacks are amplified further in ongoing cyber wars”
“Healthcare and critical infrastructure are under increased threat of ransomware”
“API-security is lacking, and software supply-chain attacks are a growing concern”
“Voice cloning and AI-driven phishing and social engineering attacks are the new normal”
“On-premises VPN infrastructure vulnerabilities piling up and being exploited”
And last but not least…the one I hear every year: ”Things will get worse on the cyber front before they get better.”
With challenges like these, it's easy to get caught up in the excitement of future innovations and the promise of new solutions. But amidst the anticipation and speculation of what’s to come, security professionals must stay grounded in the present and remain focused on the immediate challenges at hand.
I often fall into this trap in conversation – tending to look over the horizon and discuss future threats and emerging security capabilities. But, all too often I find the companies I speak with still need help with the basics like web application firewall (WAF) or DDoS protection. Incidents like last year’s record-breaking DDoS attacks and recent high-profile breaches underscore the need for organizations to be fully engaged in their current cyber security efforts. Action must be taken now to protect from the very real threats we face today. Looking too far ahead or waiting for future solutions is not an option. And, the truth is many organizations aren’t executing well on the fundamentals with the technology they already have. With tight budgets and an ongoing cyber security talent shortage, what are the chances teams can effectively add any more to their already full plates?
To enhance cyber security and build resilience in the present moment, companies should prioritize the following 4 key initiatives:
1. Double down on employee security awareness training, and consider incorporating an AI awareness module to keep pace with evolving threats. While training alone won't solve everything, the stakes are simply too high to leave employees ill-equipped to identify and respond to potential threats. The goal should always be to empower employees as part of the solution, not to place blame. Include your board of directors and c-suite, as they’ll be prime targets.
2. Begin to implement Zero Trust principles backed by robust, multi-layered security controls, with a particular emphasis on safeguarding email inboxes from phishing attempts. By protecting users at this common point of entry, the risk of employees inadvertently becoming a vector for attack can be significantly reduced.
3. Retire legacy network devices and security appliances that not only consume precious time and resources to manage but also introduce vulnerabilities to your security stack. Streamline your security tech stack and consolidate vendors to make the most of the likely underutilized capabilities you already have in place.
4. Examine the entire organization to reduce overall complexity, limit the attack surface, and refocus on executing well on the fundamentals of cyber security. Evaluate where resources may be disproportionately consumed by efforts to secure overly complex systems and consider what can be eliminated or simplified.
By simplifying their approach to security and focusing on resilience, organizations can create a more effective cyber security posture that is better equipped to handle current and future challenges.
Don’t get me wrong – attending cyber security conferences is undoubtedly valuable. By all means, go, and use the time to recharge with your team. But it's essential to approach these events with a strategic mindset. Don't get caught up in the vendor hype and speculation about what the future may hold. Instead, leverage these opportunities to reinvigorate the programs you currently have in place and reinforce the fundamentals that are so critical to success.
Successful organizations will strike a balance between dedicating resources to address current challenges and keeping an eye on the horizon, ensuring they are prepared for both today's threats and tomorrow's evolving landscape.
At Cloudflare, we recognize the challenges organizations face in navigating this delicate balance between securing the present and preparing for the future. That's why our security solutions are built with resilience, simplicity, and present-day action at the forefront. We understand that complexity is the enemy of security, which is why our platform is designed to streamline and consolidate security, allowing organizations to build resilience by focusing on the critical controls that matter most.
In an ever-changing world, having a reliable partner by your side can make all the difference. At Cloudflare, we're committed to being that partner – not just for today, but for whatever tomorrow may bring. Let us help you navigate the complexities of cyber security, so you can focus on what matters most: protecting your organization, your customers, and your data.
This article is part of a series on the latest trends and topics impacting today’s technology decision-makers.
John Engates — @jengates
Field CTO, Cloudflare
After reading this article you will be able to understand:
How to balance today's threats and tomorrow's evolving landscape
The importance of simplifying security and focusing on resilience
4 key initiatives to improve cyber preparedness