With the House of Representatives’ “Cyber Week” and RSA happening at the same time, the week of April 20 was one of the busiest for the Intel Security team. On both coasts, we played a prominent role in major security events. In San Francisco, we participated extensively in the RSA Conference, which brings together the finest minds and biggest players in cybersecurity on an annual basis. And here in D.C. we testified before a House committee for Cyber Week.
At this year’s RSA, Intel Security Senior VP and General Manager Chris Young gave a provocative keynote that was widely reported, on the aggressive role the security industry must play to protect individuals, businesses and government agencies in the future. Having been complacent about analyzing data for long, organizations must now “go on the offense” and go after attackers with the tools at its disposal. Young drew a “Moneyball” analogy to cybersecurity, saying that organizations must find new ways of understanding the data at its fingerprints to keep up with attackers. Analyzing individual malware samples and anomalous events will no longer cut it against the next generation of attacks. Instead, enterprises must be proactive and put attacks in context by analyzing not just the quantity of data at its fingerprints, but also the quality of data.
Back in D.C., Intel Security’s CTO, Steve Grobman, testified on the threat landscape for SMBs to the House Small Business Committee. Grobman noted that the increasingly sophistication of hackers affects organizations of all sizes, and that no one entity should consider itself completely safe, regardless of its assets or value. Indeed, attackers will often specifically target smaller organizations with the belief that their security infrastructure is not as advanced.
His recommendations for protecting SMBs revolved around better education and best practices, rooted in the experiences of larger enterprise organizations and government. The government can help reinforce the value of affordable cyber security solutions to SMBs, filling a vital role in enabling industry to meet the cybersecurity needs of SMBs by raising awareness among vendors and solutions providers of the role SMBs actually play in protecting the nation’s critical infrastructure.
Grobman pointed to the NIST cybersecurity framework as one of the best possible reference tools for organizations of any size to protect, detect and correct any security challenges. Rather than calling for legislation or regulation, Grobman echoed the shared industry perspective that collaboration and coordination between actors in the private sector, large and small, and government, will lead to better outcomes for all. The NIST framework has the tools for a better cybersecurity future inside of it, and it’s the shared commitment of industry to work with SMBs to make best use of the framework to better protect against attackers.
Weeks like this remind us about the security industry’s prerogative to work together to solve problems. Attacks are becoming increasingly sophisticated, and stopping them will require industry, the private sector, government and the population at large working together. No person, organization or agency is an island in the cybersecurity landscape, and the testimony and keynotes this week remind us of that.