At RSA 2018, TruSTAR co-founder Patrick Coughlin had the opportunity to moderate a series of panels in partnership with The Wall Street Journal and Highwire PR. We sat down with some of the industry’s most interesting leaders in cybersecurity to discuss latest cybersecurity challenges their teams are working to solve. This is Part 4 of a 5-Part series highlighting these discussions.
Deliberate cyberattacks are no longer periodic or influenced by industry or geopolitical events. Rather, they have become a constant and should remain in the forefront of executives’ thoughts. Our panel discusses what the industry should be doing.
For this panel, TruSTAR gathered Andrea Limbago, Chief Social Scientist at Endgame, Michael Daniel, President and CEO of Cyber Threat Alliance (CTA), and Chris Wysopal, CTO of Veracode.
The following is an excerpt from this conversation. Full video below
Patrick Coughlin, TruSTAR: How are we doing as an industry? Are we encouraging the wrong behavior? What do we need to improve?
Andrea Limbago, Endgame: There is a lot of low hanging fruit we’re not cleaning up. For the general population, securing their devices and systems is either too hard or they don’t know why or which data might be used to target to them. To illustrate, only 10% of Gmail users have two-factor authentication.
Michael Daniel, CTA: There are two commonly held attitudes. One group believes it’s too hard to stay protected, so only the tech guys can take care of these things. The other group is fatalistic and believe there’s nothing they can do at all, so why bother. It’s true that you can never drive your risk down to zero. You can, however, drive your risk lower.
Chris Wysopal, Veracode: One of the challenges is that we don’t have good feedback loops to know if what we’re doing is actually benefiting us. You may need to patch your system every 90 days, but if you patch your system every 30 days, I can’t tell you how much better is it and if the security is 3x better. There’s no good science behind what we’re doing.