Much consideration has been given to the creation of smart cities in the connected devices era, but Gary Hayslip thinks that security professionals should broaden their perspectives.
Hayslip, CISO of Webroot and an ISACA member, spoke of a wider ecosystem that must be accounted for during a presentation this week at Black Hat USA 2017. The session, titled “Protecting Tomorrow’s Smart Community … Today,” was presented together with Tom Caldwell, Webroot’s senior director of engineering.
“I look at the smart community ecosystem as more than just cities,” Hayslip said. “I look at it as also being corporations. I look at it as being small mom and pop stores. I look at it as even being users now who are downloading and using so many different types of IoT devices. It is a full ecosystem.”
The explosion of connected devices means more and more technologies and networks are becoming intertwined, each introducing new risk and control considerations. One of the most important steps organizations should take is assessing which devices are utilizing legacy systems that could pose major security risks.
“I’ve never run into a network that is all brand new,” Hayslip said. “You’re going to have legacy. It’s just one of those things that you’ve got to deal with. So, if you’ve got legacy, how are you handling it? Are you segmenting it and putting it aside, or is it intertwined with what you have on your corporate network? If you can’t segment it, what controls can you put in place to get visibility so you can catch those anomalies?”
Connected devices are also challenging CISOs by eroding the physical perimeter.
“I look at my perimeter as basically on my employees’ laptops, on their phones, mobile,” Hayslip said. “From a risk perspective, as a CISO, how do I go in and really understand where my data’s at and how my networks are being used?”
Given the expanding threat landscape, Hayslip said organizations must face the reality that they are going to deal with breaches, and put their emphasis on reducing their impact and moving forward with business. To do so, Hayslip said security leaders need to understand the full life cycle of the organization’s data, not just who is using it and whether it is being backed up.
Hayslip also highlighted the importance of effective communication with third-party vendors so that critical information is swiftly shared when either side is slammed with a breach.
“Is that happening within an acceptable time frame and not 48 hours later?” Hayslip said. “I mean, 48 hours in the life of cyber, you can rule the world in 48 hours.”
Emphasizing the complexity of today’s security ecosystem, Hayslip urged CISOs to draw upon each other’s experiences on these and a variety of other topics, such as how to contend with various cloud environments, which vendors are worth pursuing and how to navigate budget constraints.
Caldwell’s portion of the session dealt largely with the ramifications of AI and machine learning, dissecting use cases involving threat intelligence, endpoint protection and behavioral analytics. As promising as machine learning may be, Caldwell said “the human feedback loop” remains indispensable in ensuring the technology is implemented effectively.