Blind spots: How cyber defense is like stopping Tim Tebow
CSO - Cyber defense faces a growing disconnect between perception and reality.
There are two main camps in the information security world today, and their arguments can be compared to the recent football debate as to whether Tim Tebow (photo below courtesy of Jeffrey Beall/Wikimedia Commons) can be successful as an NFL quarterback in the long term.
In one camp, we have salespeople, marketers, various security entrepreneurs and "experts" telling executive decision-makers that cybersecurity is straightforward, if you just do it their way. This is strikingly similar to sports pundits who insist that a quarterback with limited passing skills (i.e. Tebow) simply can't cut it against today's sophisticated NFL defenses.
In the other camp, we have self-described pragmatists who in practice often trudge cyber around like Eeyore the donkey, proclaiming that hackers with zero-day exploits not only can get into your systems, but in fact are already there, and will never leave. This group corresponds to Tebow's most ardent supporters. They've made their decision regarding Tebow, and their "he just wins and has a great attitude so ignore the rest" argument seems to trump other measures of success.
[Also see Lohrmann's presentation 7 reasons security pros fail]
I would argue that both camps, in cyber defense as in football, have blind spot--holes in their perception that limit their effectiveness.
Let's look at the Tebow argument a bit more and see what it can teach us about our cyber defense mission.
Team 1: "Cyber Defense is as Easy as Stopping Tim Tebow"
Overheard: "We offer better protection, more peace of mind, and a complete security solution for less money with our new managed 'xyz' product/service." This boilerplate marketing claim makes cyber defense appear as easy as buying a car. All you need to do is hand over the virtual keys to your new trusted security partner!
The more sophisticated members of Team 1 will readily acknowledge past mistakes and security industry product and service failures. In fact, mocking recent tactics by other companies and discussing new global threats facing the cyber defense business is an important part of their intriguing sales pitch.
Nevertheless, they insist that their new offering is somehow different. The pitch goes something like, "We know why that 'their' last product failed to live up to expectations, but we've incorporated a new rigor, new secret sauce, a new approach into our patented solution that are competitors are missing. We've gone back to the basics to uncover the reasons why everyone else lacks what we have."
This group tends to be overconfident with bold victory predictions. "This is really very easy. There is no way that our product or service will fail. We've now figured cybersecurity out."
- Securing Mobile App Data - Comparing Containers and App Wrappers Analysts agree that Mobile Device Management (MDM) is not enough when it comes to securing app data. Although it remains a critical component...
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!