How do you close the doors in an open world? Any critical infrastructure of any kind, hardware or software, must now be seen through the lens of vulnerability. Putting on this lens at Confluence was a panel of cyber defenders: Thomas Leen, CISO, BHP; Tony Baird, CTO, Vodafone NZ; and Vishal Salvi, CISO, Infosys. The moderator for this traversal of the cyberscape was Greg Adamson, Associate Professor & Enterprise Fellow Cyber Security, University of Melbourne School of Engineering.
What emerged from scrutinising the state of the security art was the need for balance. While new sophisticated threat actors and vectors pose a different kind of danger, there are bigger dangers lurking within the enterprise: ignorance and legacy. So be paranoid about what's surfacing, but never take your eyes off the basics.
The rug has been pulled out from under the operational world, which was historically immune to cyberspace. In the IoT world, there's a threat looming wherever there's a connection. From oil pipe to data pipeline, the IT-OT unification requires a convergent security strategy.
If there's an optimistic viewpoint to a rapidly growing threat landscape, it's that legacy will finally be put aside. Enterprises can fix all the foundational problems in their network with a new architecture, designed with stronger armour than before.
Is everyone taking cybersecurity as seriously as they can? From the salesperson who brings their own device to the shop floor manager who uses a maintenance app, everyone needs a crash-course in cybersecurity. Well-aware is well-protected.
One of the biggest shifts in the realm of threat intelligence is for businesses to actually go threat hunting and get deep visibility of what's happening in their network. New protocols must be designed with deep insight, quick visibility and immediate remediation.
Increasingly, cyber-attacks are not so targeted; they are indiscriminate. You don't really need to be a target to be a victim.