It’s about protecting human beings: Dr. Richard Ford at RSAC 2022

At this year’s RSA Conference in San Francisco, I grabbed some time with Dr. Richard Ford to ask him about his advice for CISOs, how behavioral analytics are shaping cybersecurity strategy, his takeaways from the conference, and to tell us a little bit about his presentation, “Who Watches the Watchers?” Below are the videos along with transcriptions of each.

Advice for CISOs – Share the Load

If I were sitting down with a CISO and had the chance just to share a few thoughts, I think the piece of advice I’d give, the thing that’s top of mind to me, is this is a really, really hard job, and the only way through it is to share that load. As the CISO, often there’s a tremendous burden. You have to deal with digital transformation, you have to deal with letting the business advance, you also have to make sure, in a hard and complex regulatory environment, that you’re protecting the “crown jewels” of the company, effectively. You’re protecting the employees; you’re protecting the data. So that’s a really heavy burden.

And as everybody knows: How do you pick up something really, really heavy? You find a few friends and you lift it together. As a CISO you have to find those partners in the business. They might not be on the technical side of the house. It could be the chief HR officer or the general counsel or the DPO. Team with them, and let them become collaborators in sharing that load. Because you can’t do it alone.

Indicators of Compromise

Indicators of compromise. Who doesn’t love them? Well, really, I don’t. Indicators of compromise, or IOCs, are really useful for stopping untargeted attacks or detecting how you’ve been broken into, but that’s after a lot of the bad stuff has happened. That’s why so much of the research I’ve been doing over the last couple of years has been around human-centric behavioral analytics. Because what we can do by studying behavior is not be tied down to specific IOCs which are always lagging the threat, but get ahead of the threat, so when we see those behaviors that are concerning, we can stop, we can step in, and we can provide mitigations to those threats.

It’s exciting, and it finally puts us off the back foot, off that defensive posture, and to somewhere where we’re being more proactive.

‘Better’ Theme at RSA

The theme at this year’s RSA conference is “better”, and I actually really like that. It resonates with me, it reminds me why I got into the security industry in the first place, and I want to do that better. It’s not about numbers, it’s not about ones and zeros, it’s actually about protecting human beings. And when you look at it through that lens you feel very strongly incentivized to do your job better.

That applies not simply to the people who are on the front line of security and the title, but on every end user who’s involved in using sensitive data, because we all need to do a little bit better, and we need to start that within the industry first. Because if we don’t do better, our users can’t do better.

Who Watches the Watchers?

When we think about theft of corporate information, we often think about an outsider coming and stealing it. But in fact, one of the most likely ways it happens is an insider taking that data. And that’s doubly complicated when it’s an insider who uses that data every day. Fortunately, there are some pretty good solutions, because as human beings we’re quite predictable.

Humans often display red flags for fraud, for example. One of the classic ones would be an employee who appears to be living well beyond their means. Using analytics to notice those red flags we can actually get in front of the threat, and protect that data, while also being respectful in how we’re monitoring our employees in what we do with those systems.

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.

Source: https://www.forcepoint.com/blog/insights/its-about-protecting-human-beings-dr-richard-ford-rsac-2019
