Credit: Simon Howe
How did you end up in your current role, and what attracted you to the industry?
I started out in IT security more than 20 years ago after arriving in Australia from the United Kingdom. I found the IT industry generally, and security in particular, was booming. I was offered a role at Symantec and I really enjoyed working in the space. Back then, attention was on threats like viruses and worms, but it’s a very fast-moving sector and the threat landscape has evolved considerably, keeping vendors on their toes. I continue to find it a fascinating area in which to work in.
About six years ago, I accepted a position at LogRhythm. I was attracted by the company’s approach to security, focus and leadership in Security Information and Event Management to help organisations detect cyber threats, which has made it best of breed.
What are some of the challenges for security in the cloud space?
We are seeing customers increasingly leveraging the cloud as a resource to support their operations, and this has added a whole new set of challenges to cybersecurity. The particular challenge faced is maintaining the security and visibility of data and applications when these move to a hosted or cloud platform.
However, most of the customers we work with have adopted a hybrid model which comprises a mix of on-premise, hosted and cloud resources. Even in organisations that have a clear cloud-first strategy, they have not reached the 100% mark as yet. The challenge is building effective security defences that can provide the required protection in this mixed environment.
Another challenge comes from the fact that everything is evolving so rapidly. You have new systems and languages appearing and different cloud platforms have to be managed in different ways. This means that the security you have in place also has to be constantly evolving.
Where should IT security channel companies invest and position themselves in the market?
The channel’s role today has changed from the one it has traditionally played. Years ago, your channel partner was your source of information about vendors and their technologies. A channel partner essentially acted as a trusted advisor because it wasn’t as easy for the customer to source that information independently.
Today we are seeing a lack of skilled people in cybersecurity. There are simply not enough to fill the roles that exist, and this has become the new way in which the channel can help. Channel partners can provide the people and expertise that organisations are struggling to attract and retain. As a result, we are currently seeing strong demand for the managed services that channel partners can provide.
How should businesses align information security programs to support their growth and how must security evolve to stay relevant to businesses?
There remains a need to elevate discussions around IT security to the board level, with the underlying discussion being risk-based. Cybersecurity generally is about risk management and so it needs to be aligned with top-level directives and programs that are looking at overall business health and risk. This is critical in ensuring that security receives the attention and funding it requires.
One factor that is helping achieve this elevation is the compliance frameworks such as GDPR and NDBR. These are giving the board reference points that help them understand the value cybersecurity is delivering.
Cybersecurity itself is always evolving because we are continuing to see the threat landscape evolve. It’s not something you can fix once and then not have to worry about it again. In fact, the threats are becoming more sophisticated and can potentially have a larger impact than they have ever had before. For this reason, we have to get better at ensuring that security is part of the board-level discussion and planning about having the best way to protect the business.
How is AI changing the cybersecurity struggle?
Artificial intelligence and machine learning have become a fundamental part of cybersecurity. The technologies enable us to apply more compute resources to examine large quantities of data over a longer period of time. This allows us to obtain more intelligence from that data and ultimately helps us make better decisions.
From a security perspective, this means we can be much faster and smarter when it comes to identifying threats and responding to them. We can reduce our mean-time-to-detect and mean-time-to-respond significantly. The AI and ML tools also allow us to significantly reduce false positives and be more accurate in the decisions that we are making.
AI is also helping to address the skill shortages in the cybersecurity space. It allows threats to be identified and responses made without the need for direct input from humans. This capability is going to become even more powerful as the technology improves and it is deployed more widely.
How does lack of network visibility still plague businesses?
Having clear visibility across your networks, users and endpoints is vital when it comes to having an effective cybersecurity infrastructure. If you are lacking network visibility, you are potentially exposed to threats which use the network as an attack vector and you are going to be blind to those threats. For example, network traffic is one of the first places that we might detect threats such as zero-day malware or data exfiltration.
So, if you are not seeing the network, you are effectively blind when it comes to security. A key part of an effective overall cybersecurity strategy is good network visibility.
Where should organisations be focusing their energy in the current threat landscape? (what are the easy wins?)
It’s interesting that, actually, there are still some easy wins when it comes to cybersecurity. No matter how sophisticated the technology and tools become, we are still seeing some very basic things that continue to be an issue. For example, a recent survey we conducted found that, in the first part of 2019, 41% of Chief Information Security Officers said phishing was still one of their biggest security concerns. It’s amazing but it still seems to be working as an attack vector.
This clearly shows a need for user education which is something that is an easy win as it’s relatively simple to address. Training users not to click on suspicious links or insert USB drives from unknown sources can have a significant and positive impact on overall security.
We have Australia’s Notifiable Data Breaches Act and the global GDPR in place – what do you think have been the benefits and drawbacks against these regulations and others like them?
The bottom line is that it all helps when it comes to improving cybersecurity as they help to raise its profile and help to focus the attention of the board. They also help to make it easier for IT teams to secure the funding they need to get the security tools and services they require in place.
However, while they do this, regulations and requirements should not be regarded as a fix on their own. Simply being compliant with GDPR or the notifiable breach regulations is not the whole answer. Rather, they are a part of an overall cybersecurity solution.