Given the title of my article, it is obvious that I am a hockey fan. However, based on my recent conversation with Richard Stiennon, Chief Research Analyst at IT-Harvest and author of the book Surviving Cyber War, you don’t have to be a fan of the sport to understand the hockey-security analogy.
For those of you who may not know Richard, he is the holder of Gartner’s Thought Leadership award and was named “one of the 50 most powerful people in Networking” by Network World Magazine. While Richard does not follow hockey, he readily understood my comment about playing the man instead of the puck from the standpoint of managing threats as opposed to managing risk.
In his years of experience in advising top US government organizations and corporations in the private sector, he said that the clients who are the most vulnerable are those who solely focus their attention on trying to determine what data they should be protecting as opposed to identifying “the actors” who will perpetrate an attack. In other words, you have to protect yourself against the “who” not just the “what.”
With hockey, coaches teach players to play the man (the who) and not the puck (the what), because if they focus on the puck, the opposing player will almost always evade them and get a shot on net.
Having been in the security industry for many years, I can tell you with confidence that even the best protective measures, be it with people or technology, will not protect you unless you understand the makeup of your security ecosystem: specifically, the people, the environment, and the technology.
Once you have identified the external industry-specific actors who are likely to pose a threat and are monitoring their activity, you then have to build your security ecosystem by asking the following three questions:
1. Do you know what “normal” is in your environment from the standpoint of activity and access?
2. Do you have control of your privileged access points? For example, the breach of an employee’s “personal” ID is not as bad as a breach involving a core system administrator’s ID.
3. Do you know what’s connected and, more specifically, what’s running on your network? The advent of the BYOD employee is one thing that immediately comes to mind.
When it comes down to it, security in the digital age is as much about having the right intelligence as it is about having the right technology. Or to put it more succinctly, it is when we understand the source of the threat that we can protect against its risk.
I look forward to talking with you more about security in the digital age at our Long View ACTIVATEDIGITAL2018 Conference on February 27th in Guelph.