A National Cybersecurity Action Plan is a Serious Priority

We cannot allow this slow economic bleed of our economy to continue. It slows down and even reverses living standards. We simply cannot invest billions into research and development and have it siphoned from us with a few clicks. There is no justifiable reason to let this happen anymore. Smart and competent people have been sounding the alarm bells for some time, but they need more voices to back them.

Expectedly, our cybersecurity issues are growing.  We say expectedly for a variety of factors including, but not limited to: size and scope of breaches, increasing costs that cannot be accurately estimated or predicted, a proliferation of technologies and abilities, and geopolitical tensions. Given current conditions, we do not see a particularly bright future if our current cybersecurity strategy remains more or less constant.

What is our current strategy? In short, it is the accumulation of a lot of expensive toys to hold together decaying infrastructure, along with a healthy dose of the putting aside or worse, ignoring, the basics. In short, we look to more technological solutions, but we avoid the single greatest problem: our decisions. The growing track record of failures demonstrates that this “technology-heavy” approach is not working.

The underlying problem with this strategy is that it is simply untenable unless there is some revolutionary technology that completely changes the landscape. And while we do think artificial intelligence and quantum computing will be game-changing, we do not necessarily believe they will solve all our problems. Poor handling and implementation of these two technologies may, in fact, accelerate our demise. Therefore, we cannot continue to throw what limited resources we have at supposed technological wizardry, fixes, and repairs when the root of our deepest problems are inherently insecure systems, poor maintenance, and social engineering. Continue reading “A National Cybersecurity Action Plan is a Serious Priority”

Three Lessons From Test-Driven Development

“If it’s worth building, it’s worth testing. If it’s not worth testing, why are you wasting your time working on it?” — Scott Ambler, Enterprise Agile Coach

In 1999, Kent Beck’s “Extreme Programming Explained: Embrace Change,” became an inspiration for rethinking the way software was developed. Three years later, his “Test-Driven Development: By Example” further elaborated on the need to reconsider the way software is planned, how teams operate and, most importantly, the way software is tested. To date, there are over 170 books on Amazon about test-driven development (TDD). Continue reading at SecurityIntelligence.com

Using Cognitive Security to Fight the Cybersecurity Borg

We are the Borg. You will be assimilated. Resistance is futile.

Organizations today find themselves in a situation not unlike that of the Enterprise crew in “Star Trek.” They are facing a formidable, technologically advanced enemy capable of taking over key components of the organization. In one episode of “Star Trek,” in fact, the Borg collective takes control of Captain Jean-Luc Picard himself, to the horror of his crew. Continue reading at SecurityIntelligence.com

Pivoting Toward Cognitive Security: Benefits and Challenges

Are you ready for cognitive security?

The world we live in today presents enormous challenges and opportunities. Even though organizations have improved their security posture, attackers are still making quick work of getting in and stealing stuff.

Security leaders point to the incremental improvements they have made to increase their incident response capabilities and response times. But while defenders are making progress, albeit slow progress, attackers are keeping ahead, both in terms of attack frequency and their ability to evolve their approaches to thwart defenses and responders. Continue reading at SecurityIntelligence.com

Cognitive Security Key to Addressing Intelligence and Accuracy Gaps

“Security analysts are expensive resources. In many organizations, they are overwhelmed with work. Alerts are triaged so that only the most serious get worked. Many alerts don’t get worked at all. That means that some security incidents are never investigated, leaving gaps in threat detection.” — Joseph Blankenship, Senior Analyst at Forrester Research

According to a recent report by IBM’s Institute for Business Value (IBV) titled “Cybersecurity in the Cognitive Era: Priming Your Digital Immune System,” security leaders hope to employ cognitive solutions to address a speed gap, an intelligence gap and an accuracy gap when it comes to their ability to detect, analyze, respond to and recover from security incidents. Continue reading at SecurityIntelligence.com

The Role of Cognitive Security in Addressing the Incident Response Speed Gap

“The number one challenge for security leaders today is reducing average incident response and resolution times.” — IBM IBV Cognitive Security Report

In November, IBM’s Institute for Business Value (IBV) released a report titled “Cybersecurity in the Cognitive Era: Priming Your Digital Immune System.” The report provides insights gleaned from a study of over 700 security leaders from across the globe and seeks to uncover the security challenges organizations face, all while shedding light on how to address them. The study also evaluated the impact of cognitive security solutions and gauged the industry’s current level of readiness for the oncoming cognitive era. Continue reading at SecurityIntelligence.com