When CSO and Check Point partnered to create a security thought leadership event for C-level executives, we had high hopes. Yesterday, November 18, those hopes were exceeded as about 200 people gathered in New York City. The purpose: to help today’s security leaders share the most current thinking and learnings to stay one step ahead of cyber attackers. We heard from Joel Brenner, former head of US Counterintelligence, who set the stage for what the threat landscape looks like. Check Point President Amnon Bar-Lev shined a light on how the common practice of investing in reactive threat solutions over proactive solutions actually costs us more in the long run. Today, the market spends $12B for reactive and only $0.6B for proactive. What’s more, only 0.1 percent of enterprises are consuming threat intelligence services; and only 1 percent of them are using technologies to prevent zero-day attacks. Meanwhile, the mean number of days to resolve cyberattacks is 46, with an average cost of $21,155 per day. That adds up to $973,130 over that 46-day period. If that doesn’t underscore the need to stay one step ahead, I don’t know what does.
In addition, Chris Tarbell, a former FBI agent, captivated everyone with stories about his experiences tracking down Anonymous and the man who was responsible for the dark web site Silk Road, known as Dread Pirate Roberts. We also heard from other cyber leaders and incident response experts who walked through the forensics of actual cases. Julia King, contributing editor for CSO, moderated the event and wrapped up the day with a fabulous Top 10 list that captured all of the day’s highlights.
The Julia King, Contributing Editor, CSO Top 10 List of Takeaways from CyberDay 2015
10. If he's wearing cargo pants and he has a haircut like mine, you can be pretty sure he's a federal agent. (Chris Tarbell)
9. Audit your network logs. Look back. Learn from your mistakes.
8. Don't be the low-hanging fruit. Remember the visual of the car thief going down the row of vehicles, checking each door handle for the one that was left unlocked.
7. CFOs are walking bulls' eyes. They're the biggest target in the enterprise.
6. Have a plan and practice your plan. Learn from your mistakes and adapt your plan continuously.
5. Security must be built to the way business is done. Educate your employees, your executives and your boards of directors.
4. We've lost control of our perimeter. With mobile, cloud and IoT, there really is no defined perimeter. Network segmentation is absolutely necessary. So is data segmentation. Everybody doesn't need to know everything.
3. Cyber crime is an equal opportunity phenomenon. No company and no industry is immune, especially with the rise of industrial espionage. Don't kid yourself -- someone wants your data.
2. Operational technology runs on IT. The problem goes deeper than PII. The Internet of Things will only exacerbate this issue. Beware the IP-enabled toaster syndrome.
1. Encryption is absolutely, no question, without a doubt mandatory.
CyberDay attendees came from far and wide, including South America, Israel and throughout the United States. All major vertical industries were represented, including finance, law, hospitality, retail, advertising and media, healthcare, transportation and government—including the United Nations. It’s clear that the increasing intensity and presence of threats is giving rise to a community of security practitioners who truly are seeking ways to stay one step ahead.