The well-known Quarry Worker’s Creed, called out in prefaces to books such as “The Pragmatic Programmer” and “Ship While you Sleep”, posits the notion of IT done right as more than simple engineering discipline – good software development, for example, should not “preclude individual craftsmanship”. Drawing parallels to the construction of large cathedrals built in Europe during the Middle Ages, the quarry worker’s creed points out that while generations of builders advanced the state of structural engineering from one decade to the next, the “…carpenters, stonecutters, carvers, and glass workers were all craftspeople, interpreting the engineering requirements to produce a whole that transcended the purely mechanical side of the construction”.
We who cut mere stones must always be envisioning cathedrals, says the Quarry Worker’s Creed, and as companies, cities and countries lean on their IT teams to enable the transformation to digital business, the talented men and women that work in technology are not just builders: they are increasingly artisans and craftsmen – experts in the tools of the trade and also nuanced in navigating the vicissitudes that present themselves in the quest to build and secure the technology that powers the next wave of innovation and growth.
Cybersecurity teams in particular have their hands full today. On one hand there are all the new advances that we often can’t get fast enough: crowd-funded financial services, online education, virtual booking for work spaces, driverless cars – to name just a few. All of these need security be conceptualized and built-in from the beginning (or not, to our peril). On the other hand, their adversaries, the often-elusive hackers are increasingly sophisticated actors, who design malware, tweak code and inject vulnerabilities with the same flair and passion of a renaissance architect.
Security teams must be vigilant
Security teams need to be on their toes to enable their organizations to maximize new digitization opportunities and contend with cyber attackers who have an eye on their opportunities. According to the just-released Cisco Midyear Security Report, online attackers continue to innovate in their practices. The report states:
“…, the hallmark of online attackers may be their willingness to evolve new tools and strategies—or recycle old ones—to dodge security defenses. Through tactics such as obfuscation, they can not only slip past network defenses but also carry out their exploits long before they are detected—if ever.”
Attackers are using a variety of methods that reveal a very structured but agile approach to their shadow economy:
- Operators of crimeware, like ransomware, are hiring and funding professional development teams to help them make sure their tactics remain profitable
- Exploit kits such as Angler monitor “patching gaps” – the time between a software vendor’s release of a software update and when users actually upgrade – to better target vulnerable laggards
- Some exploit kit authors are incorporating text from classic novels and magazines to attempt to evade detection by antivirus solutions
- They mutate threats so they can remain undetected
The Midyear Security Report summarizes ongoing research and analysis of discovered threats, such as malware traffic, providing insights on possible future criminal behavior and aid in the detection of threats. Vendors, including Cisco, track and report these activities, and quickly incorporate capabilities into technology that can more effectively deflect—and not just detect—cyber threats like these.
Is your team ready for innovative attackers?
If you are running an IT or security team, you are feeling the stress that the pace of attacker innovation puts on your security operation. You must validate you have the right technology to stay secure in this environment. You have to ensure that technology stays current. And you must also assess whether your team – your people and processes – can keep pace.
“The worsening shortage of security talent means that many organizations have limited skilled resources to monitor developments in both the risk environment and vendor landscape.”
Over a year ago, we flagged the cybersecurity talent shortage as a looming critical issue for IT teams. Now, with digital business transformation bringing opportunities and cybersecurity attackers using innovative, rapidly evolving techniques, it’s more challenging than ever to keep your environment secure.
What can you do to immediately to improve your security efforts?
Our Cisco Services team recently published “Mitigating the Cybersecurity Skills Shortage” paper, which outlines five steps you can take now:
- Develop a cybersecurity strategy
- Construct a breach plan and increase advanced cybersecurity skills
- Get security on the agenda in the boardroom
- Keep your security solutions operating at peak performance
- Choose the right partners
Enlisting experts outside your organization can give you flexibility to pivot with the shifting threat landscape. By drawing on expertise drawn from wide industry and geographical experience, professional services providers can help your team see your security environment holistically.
Most importantly, the ability to draw on expert assistance allows you to refocus your own security teams on strategic business opportunities and succeeding in innovating with the Internet of Everything and digital business transformation? Wouldn’t you rather have a team that is always envisioning the towering cathedrals of your business success?
To learn more, read the 2015 Cisco Midyear Security Report
Always be prepared.
Thanks for the post Rashesh!