Intelligent CIO Europe Issue 15 - Page 79

//////////////////////////////////////////////////////////////////// t TECH cht TALK lk As long as it continues to be easy for cybercriminals to break in and monetise the attack, it’s just going to increase. Combatting the cybersecurity issue and reaching a final solution We can combat the cybersecurity issue today. The biggest threat in IT security isn’t ATP, it’s apathy. People aren’t taking the right steps to solve this issue. Take WannaCry as an example, it was a massive vulnerability threat and Microsoft warned people before it took effect. A month later, WannaCry hit and people were surprised. Systems weren’t patched properly and the vulnerability targeted these systems. We know the answer, we’re just not doing it. Educating the end-user on potential threats to allow them to contribute to solving the issue We must question whose fault it is if, for example, an end-user clicked on a phishing email. I think end-user education is really important but you’re not going to be able to identify a really clever phishing email. I’ve been in this industry for 20 years and sometimes even I’m not sure. What needs to happen in the industry is that everyone accepts these foundational controls and takes cybersecurity seriously, otherwise it’s just going to continue. We should be making it difficult for cybercriminals to monetise and until we do, they’ll just keep breeding. Top tips for securing an enterprise My top three tips are the same ones I’ve been giving for 15 years: patch your systems; have good passwords; and reduce your attack surface. These are the cyber essentials. Tenable’s customer satisfaction We’re focused on solving one problem; vulnerability. Most vendors in this industry try and go inch-deep, mile-wide. We are 100% focused on fixing the vulnerability issue and we invest all of our resources into doing so. This problem has been around since IT began and has not yet been solved. We have the answer and we are executing on that and our customers love that they’re with us on this journey. Tenable is laser-focused on execution; on solving the vulnerability problem. Tenable’s future in the next year Tenable is really focused on quantifying organisations’ risk and really making that easy. If you don’t know what your risk exposure is, it’s really hard to address it. We’re also focused on measuring – how well are you doing things because you can’t improve what you can’t measure. In the coming months, we’re going to enable all our customers to benchmark themselves. That benchmarking enables you to make decisions. Advice to up and coming CISOs It’s really easy nowadays to fall for the marketing jargon that surrounds cybersecurity. Don’t buy into the hype; focus on the foundation. Measure your effectiveness and make sure you’re implementing those controls effectively. n INTELLIGENTCIO 79