This is Not Another 2020 CISO Trends Piece


Microsoft Chief Security Advisor and former Coca-Cola Company CISO, Jim Eckart, spoke at Kudelski Security’s Sales Kick Off in January. Below is a summary of his presentation.

Every new year brings a glut of articles on industry predictions and, with it, inevitable questions from the board about how the CISO will address (all 42 of) them. The real challenge in building a credible program is less about mapping the program to each trend and more about a fine balancing act. The CISO must referee between the IT department that drives procurement, technologists who want to buy the latest best-of-breed, and their own perennial mission to get basic, sound security practices in place. Against a backdrop of a more complex, fragmented technology landscape, below are some core challenges and observations about the security trends that will stay the course.

The Rise of AI and Machine Learning

If harnessed intelligently, the power of AI and machine learning will drive significant value to the CISO, helping remove complexity, risk, and build resilience. Regulatory compliance will become easier to prove and achieve because the identification of risky behavior will be automated. CISOs will have more accurate and universal visibility of incidents; the exponential rise in threats will continue apace and it will be machines that help separate signal from noise and trigger incident response and remediation actions. Talent shortage is a reality, yes, but AI and machine learning will help mitigate the impact.

Best-of-Breed vs Technology Integration

Best-of-breed security infrastructure is complex and growing exponentially. With the growing array of technology, security staff often end up working to support platforms rather than doing security. This is not sustainable for obvious reasons (talent gap, notably) and will drive demand for integrated platforms that facilitate technology consolidation.

Innovation and the Cloud

DevOps and agile are enabling developers to wander off the ranch. With speed to market being the common mantra, developers can end up provisioning hardware incorrectly. This has driven the types of policy-based capabilities that you find in cloud offerings like AWS and Azure, enabling developers to get it right the first time and get it within policy. The benefit gap between cloud and on-premise will widen. With the cloud, CISOs will more easily be able to remediate incidents – everything from updates and patches to endpoints and servers can be pushed or spun up quickly on tap.

From Cybersecurity to Cyber Resilience

In a nutshell, 2020 is all about moving from a narrative of cybersecurity to one of cyber resilience. CISOs will look to remove complexity and get back to basics. And behind it all, we can expect to see Cloud, AI, and machine learning occupying center stage.

Ryan Spanier – Interview with CNN Money Switzerland on Blockchain Security


Blockchain is full of superlatives. The most verifiable, most immutable, most 21st century way to transfer value.

But one of the most widely used superlatives to describe this technology is “most secure.” The idea that blockchain technology finally has a resolute answer to the age-old challenge of secure transactions has an eager audience.

So, Ryan Spanier’s interview with Eléanor Payró of CNN Money Switzerland is timely as he unpacks some of the issues around blockchain security.


To summarize:

  • Blockchain networks are hackable. Beyond standard software vulnerabilities, the trust model of a blockchain network can be attacked through a “51% attack.” The goal of this attack is to control the majority of the resources/stake on a blockchain network. If you control the majority, you can define what truth is on the network. For cryptocurrencies, this can result in double-spend attacks. Large blockchain networks, such as Bitcoin, are less vulnerable because they require the co-option of significant resources, the cost of which soundly outweighs the rewards earned from mining. Check out crypto51.org to see how expensive it would be to acquire 51% of the top cryptocurrency networks. However, other alt-coin networks could be attacked with less than $1,000.
  • Blockchain networks also rely on the security of the users. For example, a user needs to secure their private key themselves. If this key is exposed, an attacker assumes the identity of the user and can, for example, spend money from their wallet.
  • Secure smart contracts are extremely complex and difficult to develop.
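The first point above, that a majority of the hash rate lets an attacker define truth, is usually quantified with the catch-up model from the Bitcoin whitepaper (section 11): the attacker's fork races the honest chain, and the probability that the attacker eventually overtakes it depends on the attacker's share of the hash rate q and the number of confirmations z the defender waits for. The Python below is an added worked example, not code from the interview or from Kudelski Security; it assumes a proof-of-work, longest-chain network, and the names q and z are the whitepaper's. A defender (an exchange or merchant, say) uses this kind of calculation to decide how many confirmations to require before treating a payment as final, and it makes the cost argument concrete: below 50% the risk can be driven arbitrarily low by waiting, at or above 50% no number of confirmations helps.

```python
import math


def attacker_success_probability(q: float, z: int) -> float:
    """Probability that an attacker with fraction q of the total hash rate
    eventually overtakes the honest chain once the defender has seen z
    confirmations on top of a transaction.

    Catch-up model from the Bitcoin whitepaper (section 11): a gambler's-ruin
    race in which the honest miners start z blocks ahead.  The expected
    attacker progress while the honest chain mines z blocks is Poisson with
    mean lam = z * q / p, and from a deficit of (z - k) blocks the attacker
    still catches up with probability (q / p) ** (z - k).
    """
    if not 0.0 <= q <= 1.0 or z < 0:
        raise ValueError("q must be in [0, 1] and z must be non-negative")
    p = 1.0 - q
    if q >= p:
        # Majority hash rate: the attacker's chain wins with certainty.
        # This is exactly the "define what truth is" scenario of a 51% attack.
        return 1.0
    if z == 0:
        # No confirmations: the attacker just broadcasts a competing chain tip.
        return 1.0
    lam = z * q / p
    ratio = q / p
    prob = 1.0
    for k in range(z + 1):
        # Poisson(k; lam) computed in log space so large z does not overflow.
        log_poisson = -lam + k * math.log(lam) - math.lgamma(k + 1)
        prob -= math.exp(log_poisson) * (1.0 - ratio ** (z - k))
    return max(prob, 0.0)


def confirmations_for(q: float, max_risk: float = 0.001, limit: int = 2000) -> int:
    """Smallest number of confirmations z at which the attacker's success
    probability drops below max_risk, or -1 if no z up to `limit` achieves it
    (always the case for q >= 0.5, where the attacker wins regardless)."""
    if q >= 0.5:
        return -1
    for z in range(limit + 1):
        if attacker_success_probability(q, z) < max_risk:
            return z
    return -1


if __name__ == "__main__":
    # Constructed sample of hash-rate shares, from a small miner to a majority.
    for q in (0.1, 0.3, 0.45, 0.51):
        z = confirmations_for(q)
        risk6 = attacker_success_probability(q, 6)
        print(f"q={q:.2f}: P(success after 6 confirmations)={risk6:.7f}, "
              f"confirmations for <0.1% risk: {z if z >= 0 else 'never'}")
```

The loop reproduces the table in the whitepaper (for q = 0.1 the risk is below 0.1% after 5 confirmations; for q = 0.3 it takes 24), and the "never" row for q = 0.51 is the page's point about majority control stated as a number.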

Pressure to shrink time-to-market, the complexity of the technology, and the lack of mature blockchain software development libraries and SDKs to use as a reference all contribute to the introduction of vulnerabilities.

Find out more about Kudelski Security’s crypto assessment services, algorithm design and implementation, and custom development.