Complete visibility of the IT environment and a focus on the basics of security are crucial in mitigating threats in the emerging technological revolution, said Darron Gibbard, Chief Technical Security Officer for the EMEA region at Qualys.
Speaking at the ITWeb Security Summit 2017 last week, Gibbard said the world was going through the Fourth Industrial Revolution (4IR), which significantly impacts the way organisations do business and approach IT security.
"We are entering a stage where the cyber and physical environment are converging to bring new threats. This technological revolution will fundamentally change the way we live and work, and the bottom line is we have to respond faster to the changing environment. In this new environment, our networks are spread everywhere and our data is travelling everywhere, so keeping tabs on it all becomes very difficult."
Security leaders and senior executives need to understand their ever-changing environment, challenge the assumptions of their operating teams and continuously innovate, Gibbard said.
Oraganisations need to get to grips with the size of their estates to control and secure them, Gibbard said. They must have a global view of their networks, with a microscopic view of their assets.
"Asset management is critical. You need to spend time identifying your assets, because if you don't know what you've got - how can you secure it?"
Enterprises today have hybrid infrastructures and interconnected systems across the globe, and they have to find ways to gain 'single pane of glass' visibility of this environment, he noted. "We have to achieve global visibility in a perimeterless world." The perimeterless world includes on-premises, endpoint and cloud infrastructure.
Spend time identifying your assets, because if you don't know what you've got - how can you secure it?
Darron Gibbard, CISM, Qualys
Along with effective asset management, a back-to-basics approach must be adopted to identify all vulnerabilities and ensure patches and updates are installed and policies adhered to, he said.
Threat intelligence is also crucial to help organisations mitigate the new risks.
"You need to look at the business impact if an attack was to occur. You need to see risk as your friend and use it to consider the worst-case scenarios - can you restore your systems back to 221 days? What is your incident response time? And prepare accordingly."
Share