
A New Battle Plan for Defeating Cyber Threats


Enrique Salem, MD, Bain Capital Ventures
The bad news is that cyber security threats are at an all-time high, but the good news is that security awareness is too. It has the attention of every boardroom in the country; the awareness around security is the highest I’ve seen it during my nearly 30 years in business.
So, what does that mean for CIOs and CISOs? Most importantly, more awareness means more dollars in the budget dedicated to security. The numbers reflect that. Global IT security spending will grow from $71.1 billion last year to a record $76.9 billion in 2015, according to Gartner.
Rising budgets are also leading to the creation of next-generation security companies with innovative and effective solutions. Not all of them will survive of course. But the best security startups could one day save your business.
After all, cyber thieves are getting more aggressive and sophisticated. They’re well-financed, well-equipped and highly motivated. When it comes to hackers gaining access to your network, it’s not a matter of if, but when. Despite your best defenses, you can’t keep 100 percent of them out 100 percent of the time.
How good are hackers these days? Well, according to the 2014 “M-Trends Report” from Mandiant, the bad guys are inside a target network for an average 229 days before they’re discovered. That’s a lot of time to root around and wreak havoc.
So what should CIOs and CISOs do? Raise the white flag?
Never. Instead, you need a better game plan. Simply locking down the perimeter—and praying no one gets in—is no longer a reasonable security stance, especially as organizations move toward more openness.
A better way to control the problem is by quickly finding and defeating those that do get in. As the attackers get more pernicious, you need better defenses to get them. Those stronger defenses are out there in the form of cutting-edge security companies that attack the problem in new and exciting ways.
But let’s take a step back for a moment. Before technology even enters the conversation, companies first need to change the way they think about security. Ideally, they want to prevent attackers from accessing their network. But enlightened security professionals have resigned themselves to the fact that determined hackers will find a way in.
The initial step in any successful security strategy is to decide what needs to be secured and from whom. What data is vital to your enterprise and who should be allowed to access it?
Start with the 1 percent. That’s the 1 percent of information that should only be accessed by the top people at the company, strictly confidential and never to leave the on-premise data center. For example, a pharmaceutical company with a new range of innovative drugs. Those drug formulas might have cost billions of dollars to develop. They could be a breakthrough that fuels company growth for years to come and they must be protected at all costs.
Now CISOs and CIOs must focus their energies on a security strategy that can detect intruders once they are inside. They need detection systems that have few to no hardcoded rules to try and determine anomalous behavior. Any system that is exclusively ruled will be compromised, because the bad guys will figure out the rules and work around them.
“The initial step in any successful security strategy is to decide what needs to be secured and from whom”
Another strategy to use is deception. Deception is the notion that if someone does break into a company’s network, that it can draw him or her to a target that looks valuable, like a database full of credit card numbers, but is really a decoy. When bad actors attack it, they’re busted. We just funded a company—Attivo Networks—that works this way. There is a lot of innovation that can be deployed using this method and I continue to look for additional solutions in this area.
Organizations need to protect information, but they can’t just lock down all their data. After all, the modern enterprise needs to put apps and data in the cloud to enhance productivity and speed competitive advantage. The reality is that the vast majority of data—pretty much everything—is going to migrate to the cloud including the 1 percent or the most critical data. That’s why I’m also looking at security solutions that help monitor, control and protect data that lives in the cloud. I’ve invested in a company in this space that helps organizations move their applications and data to Amazon Web Services, while giving the total visibility into hundreds of different security risks and vulnerabilities.
As an investor, there’s never been a better time to fund security startups. Yes, the bad guys are getting smarter, but so are startups that are determined to stop them cold. And now that cyber security has the full attention of the boardroom, CIOs and CISOs are in a better position than ever to take action.
Featured Vendors
THETA432: Performance, Precision, Efficiency, Visibility - The Key to Incident Response and Answer to the Talent Shortage
EveryCloud Technologies: Delivering Powerful Email Filtering Services" title="Graham O'Reilly, CEO & Co-Founder" style="float:left; margin-right:10px; margin-bottom:20px;" width="60px" height="50px">
EveryCloud Technologies: Delivering Powerful Email Filtering Services
Onepath: A Responsive Info-Security Management Framework – the easier way to dramatically improve your overall info-security posture
Covenant Security Solutions, Inc.: Revolutionary Solutions to Mitigate Security and Compliance Risks
EDITOR'S PICK
Essential Technology Elements Necessary To Enable...
By Leni Kaufman, VP & CIO, Newport News Shipbuilding
Comparative Data Among Physician Peers
By George Evans, CIO, Singing River Health System
Monitoring Technologies Without Human Intervention
By John Kamin, EVP and CIO, Old National Bancorp
Unlocking the Value of Connected Cars
By Elliot Garbus, VP-IoT Solutions Group & GM-Automotive...
Digital Innovation Giving Rise to New Capabilities
By Gregory Morrison, SVP & CIO, Cox Enterprises
Staying Connected to Organizational Priorities is Vital...
By Alberto Ruocco, CIO, American Electric Power
Comprehensible Distribution of Training and Information...
By Sam Lamonica, CIO & VP Information Systems, Rosendin...
The Current Focus is On Comprehensive Solutions
By Sergey Cherkasov, CIO, PhosAgro
Big Data Analytics and Its Impact on the Supply Chain
By Pascal Becotte, MD-Global Supply Chain Practice for the...
Technology's Impact on Field Services
By Stephen Caulfield, Executive Director, Global Field...
Carmax, the Automobile Business with IT at the Core
By Shamim Mohammad, SVP & CIO, CarMax
The CIO's role in rethinking the scope of EPM for...
By Ronald Seymore, Managing Director, Enterprise Performance...
Driving Insurance Agent Productivity with Mobile and Big...
By Brad Bodell, SVP and CIO, CNO Financial Group, Inc.
Transformative Impact On The IT Landscape
By Jim Whitehurst, CEO, Red Hat
Get Ready for an IT Renaissance: Brought to You by Big...
By Clark Golestani, EVP and CIO, Merck
Four Initiatives Driving ECM Innovation
By Scott Craig, Vice President of Product Marketing, Lexmark...
Technology to Leverage and Enable
By Dave Kipe, SVP, Global Operations, Scholastic Inc.
By Meerah Rajavel, CIO, Forcepoint
AI is the New UI-AI + UX + DesignOps
By Amit Bahree, Executive, Global Technology and Innovation,...
Evolving Role of the CIO - Enabling Business Execution...
By Greg Tacchetti, CIO, State Auto Insurance
Read Also
COVID-19 Creates a Myriad of Compliance Challenges for Employers
Challenges that Compliance Officers face Today
Risk Exposures and How to Tackle them
Creativity Overcomes Scarcity
Putting The Customer At The Centre Of The Energy Transition
The Rise of Algorithmic Trading In The Power Sector
