Technology is advancing at a blistering pace, on the one hand making this period of our existence tremendously exciting, but also undeniably daunting. The Rapid7 CEO believes we can regain control.
The explosive progress has placed cybersecurity among the greatest concerns weighing heavy on the minds of business leaders, and now we have reached a point at which no one can confidently confirm impenetrable security.
Subsequently a vast market has emerged, as companies new and old have come forward to offer defensive solutions, with some perhaps capitalizing on the hysteria caused by the promise of impending cyber doom.
The problem however is very real, but hurling expensive new products blindly into the breach cannot be a lasting solution. This theory was expounded upon and explored by the President and CEO of Rapid7, Corey Thomas, during the keynote of the security company’s sixth annual summit, UNITED 2017.
Rapid7 is a security firm that harnesses massive amounts of data to gain insight, providing security and IT professionals with formidable understanding, and influencing their own products.
Cory Thomas said: “How do you think history will judge us? How will they judge us as a cybersecurity industry, as the defenders of our digital lives, as the people that are supposed to protect us even as we adopt and use more technology? Will they say that we faced the challenges of our time with energy, vigour and passion? Or, will the judge us fearmongers?”
“I do not think history will judge us as a cybersecurity industry favourably, but I absolutely believe that things are going to get better. Sometimes, as we think about moving forward, moving forward actually means letting go of our past.”
With technological advances being made so quickly and constantly, organisations have followed in pursuit without updating their integral processes, causing the period of nervous uncertainty and attrition that we are now in the midst of.
“Cybersecurity is hugely and massively important, but it is largely just an outcropping of the fact that the role of technology in our lives has accelerated at a faster rate than we can safely manage it. No amount of magical firewalls or prevention technologies are going to change that fact,” said the Rapid7 CEO.
Thomas believes that real change can be brought about if organisations change their methodologies, and uncouple themselves from old ways that have become deeply ingrained over time.
“I want to talk about three major shackles that have defined our past, but must be destroyed if we are to move forward in a meaningful way. The first, is that we actually for some reason believe that the organizational model that has served us for the last twenty, thirty, forty years in technology and business, can actually meet our future needs,” said Thomas
He went on to further explain the origins of the foundations still upholding many major organisations, Thomas said: “While we do not have to be slaves to the past, in order to respond, in order to change, in order to adapt, it is important to understand why we ended up in this place. You see today’s organisations were created in the business, social and economic context of the 70s, 80s and 90s.”
“For some reason, we believe that the volume of data matters more than the relevance of data. You see it everywhere, people screaming ‘Big Data this, Big Data that’, people collecting ever larger volumes of data, but is it having an impact? They are collecting massive amounts of data at an escalating rate every year, but the results are not changing, the impact is not showing up,” said Thomas.
This is a prime example of a way in which organisations latch on to a process without thinking laterally, without considering a more direct and efficient approach, by which they could minimize the seemingly uncontrollable volume.
“Lastly, and I was one hundred percent guilty of this, we believe that security can be successful independent of IT. This has absolutely nothing to do with who reports to whom. What I am talking about is this fundamental, basic assumption that we can have a successful cybersecurity function in an organization independent of a well-run IT organization. This concept sees us spending gobs and gobs of money on security controls, prevention, and all these other things, even as we are failing at the basics of deploying, updating, and configuring.”
Shedding light on how organisations can reposition once they have thrown off the shackles of the past, Thomas lays out a set of areas that should be focused on to begin a process of concrete cybersecurity progress.
“We need to develop a new set of skills, a new set of expertise, and a new way of thinking about how we actually run and operationalize our businesses if we are to move forward. We are going to have to develop expertise in four areas that we are not strong in today. The first is to master your data, mastery of user experience, mastery of integration, and mastery of automation.”
“Mastery of the user experience is about understanding not jut the needs of the organization, but the types of experiences that make those needs not just achievable, but highly likely. Mastery of integration is about this realization that in today’s world we do not create technologies from scratch, rather we extend, leverage and create experiences from other products and experiences.”
Automation is a growing trend in regards to cybersecurity, as it becomes ever more clear that it is essential for bearing the brunt of the volume, and freeing professionals up to think and act creatively, dynamically and decisively.
Corey Thomas placed a focus on development in automation specifically, he said: “Mastery of automation, this is key, it is about solving the problem that we cannot maintain the technology ecosystem’s infrastructure that we build, therefore, this is one of the few ways that the world should be cheering for us to add automation. Automation allows us to better manage our technology ecosystem.”