CISO on CISO Perspectives
From AI and automation to ransomware and cybersecurity mesh architectures, two Fortinet Field CISOs give a glimpse into some of the priorities they are hearing from customers and partners. Alain Sanchez and Joe Robertson share their perspective about some of the biggest trends they are seeing going into 2022.
What is the biggest cybersecurity trend going into 2022?
Alain: I don’t anticipate big changes at least in the first months of 2022, but more of an acceleration of the trends that we saw at the end of 2021.
Joe: I agree. For example, ransomware isn’t going away, and the fallout of the Log4J exploit is going to go on for a long time. I also think there will be more and more attacks on different types of targets, not just typical IT targets. For example, operational technology (OT) will be targeted more frequently because when production is attacked, companies will likely pay the ransom. Not only is down-time costly, but the machines themselves are expensive and could be damaged. And of course, there are the threats to human and environmental safety as well.
Alain: Whether it’s an enterprise or a telecommunications company, we’re seeing more adoption of integrated platforms. The convergence of networking and security coupled with integrated cyber security platforms is the biggest upcoming trend I’m seeing. People don’t have time to integrate disparate security products anymore. So, integration is part of the selection process and why platforms are so important.
Joe: Point or “best of breed” products don’t really cut it anymore for two reasons. The first is that no product is “best” for very long. If something is good, everyone in the business has some version of it. And the other even more important reason is that if you have a variety of different security and networking devices, it’s complicated to manage and control. And because you’re not able to track multiple vendors devices in a single place, it’s less secure. You’re actually leaving a lot of gaps in between the devices. And attackers know that; they’re going to try to slip through those cracks. Point products that are specific to a narrow niche aren’t sufficient, particularly if you can use a broader product that covers the same area as several point products.
Why is work-from-anywhere a challenge?
Joe: I think it’s important to realize that remote work has changed from work-from-home to work-from-anywhere (WFA). It’s not the same thing. WFA includes both the home and the office, not to mention airports, cafés, trains, and other places. Organizations are rethinking their buildings. They’re looking at having fewer fixed offices, more hot desking, and especially more collaboration and conference spaces. The implications of working from anywhere are, first, denser infrastructure of Wi-Fi in the office and more security for the Wi-Fi. And secondly, an increased need to positively identify users and grant them access only to the applications they need using zero trust principles.
Alain: I’d add that WFA isn’t just about people. It’s also about the Internet of Things (IoT), and even more importantly, from our point of view, the Industrial Internet of Things (IIoT). The IIoT includes devices that are suddenly using wireless connectivity and can literally be anywhere–even at sea or in space.
Why are visibility, reducing complexity, simplifying operations, and continuing integration still being talked about?
Alain: At this point, network visibility is a must have. Without it, you can completely go off track, both from a networking and security perspective. No human brain is fast enough, and no human memory is big enough to integrate zillions of parameters in real time. You need automation and you need to simplify, so your security team can focus on what a human brain does best, instead of getting bogged down in tasks like correlating logs from different solutions.
Joe: I’d add that complexity compromises security. With the growing number and types of threats today we have to do everything we can to enhance rather than compromise security. Integrating the information flows of various cybersecurity tools gives you broader look at the threat environment. Now attackers are using artificial intelligence (AI) to develop malware that never looks the same twice, so you need to take advantage of behavioral approaches and your own AI.
Why is a mesh cybersecurity architecture approach critical now?
Joe: Different cybersecurity tools and devices exist for a reason. They each try to catch an attacker at different points during the sequence of activities an attacker uses to get in and get around an organization’s IT environment. If each of these devices works independently, you have a lot of work to do managing and analyzing different management consoles and analysis tools. At the same time, attackers are looking to slip in through the cracks between devices. With a mesh architecture, all the devices are talking to each other and sharing information with common management and analysis tools. You can then close those gaps and make it a lot tougher on the bad guys – hopefully tough enough that they’ll give up and look for an easier target.