Breached or not breached: are you still cybersecurity naïve? Dr. Eric Cole discusses his observations after sitting in on panel discussions at a large security conference he recently attended. After giving a keynote speech he was asked to stick around and listen to some of the panel discussions. Having some time before his next flight, he observed a panel with three CISOs from various organizations.

Dr. Eric Cole was taken aback at how naive one of the CISOs was when they shared that they had had no attacks or breaches against their organization in the past two years. The crowd cheered and treated this CISO like he was a big hero, when the CISO should have been booed off stage.

Claiming that you have had zero attacks or breaches for two years is a sure sign of how backwards people are when it comes to cybersecurity. The CISO was naive enough to believe that they had no attacks for two years? If you have a viable business, you are going to be attacked.

It’s not whether you’re attacked or not, it’s how soon you detect it and how much you control the damage.

Another CISO got up and said that their organization had two attacks in the last six months, and the crowd sat silent. That reaction is completely backwards: the person who detected the attacks in a timely manner and controlled the damage is the hero. Dr. Cole would hire this CISO for any of his clients in a second, and the other one he wouldn’t touch with a ten-foot pole.

The goal of cybersecurity is not prevention. The goal is not to be able to say that we haven’t had any attacks in two years, because that is impossible in the game we play.

You are going to be a target, you are going to be attacked and you are going to be compromised. The goal of cybersecurity is all about timely detection and controlling the damage. Cybersecurity metrics are all about dwell time and lateral movement.

  1. How long are they in your network?
  2. How much damage are they doing?

Those are really the two questions, and those are the two metrics if you’re doing cybersecurity correctly.

The amount of time they’re in your network should be decreasing every month and every year. The amount of damage should be decreasing as well. So you are not using whether you were compromised as a metric; you are using how long they were in the network and how much damage they caused.

Both of those should be trending in the downward direction as you gain better visibility and better detection capabilities within your environment.
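One way to turn the two questions above into numbers, as an added example that is not part of the original post: the script below computes dwell time (first observed attacker activity to detection) and a lateral-movement count (distinct hosts the intruder reached) from constructed incident records, groups them by quarter, and checks that both medians are trending down. The record fields and all dates are assumptions made up for the example.

```python
# Added example, not from the original post: measuring dwell time and
# lateral movement per quarter and checking that both trend downward.
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
from statistics import median


@dataclass
class Incident:
    first_activity: datetime  # earliest attacker activity found in evidence
    detected: datetime        # when the SOC raised the alert
    hosts_touched: int        # distinct systems the intruder reached


# Constructed sample incidents (hypothetical dates and counts).
INCIDENTS = [
    Incident(datetime(2023, 1, 3), datetime(2023, 1, 31), 12),
    Incident(datetime(2023, 2, 10), datetime(2023, 3, 2), 8),
    Incident(datetime(2023, 4, 20), datetime(2023, 4, 27), 4),
    Incident(datetime(2023, 5, 5), datetime(2023, 5, 15), 5),
    Incident(datetime(2023, 6, 1), datetime(2023, 6, 4), 2),
    Incident(datetime(2023, 7, 10, 9), datetime(2023, 7, 10, 21), 1),
    Incident(datetime(2023, 8, 15), datetime(2023, 8, 16), 2),
]


def dwell_hours(inc: Incident) -> float:
    """Hours the attacker was active before detection."""
    return (inc.detected - inc.first_activity).total_seconds() / 3600


def quarter(dt: datetime) -> str:
    return f"{dt.year}Q{(dt.month - 1) // 3 + 1}"


def metrics_by_quarter(incidents):
    """Median dwell time and median hosts touched, keyed by detection quarter."""
    buckets = defaultdict(list)
    for inc in incidents:
        buckets[quarter(inc.detected)].append(inc)
    return {
        q: {"incidents": len(b),
            "median_dwell_hours": median(dwell_hours(i) for i in b),
            "median_hosts_touched": median(i.hosts_touched for i in b)}
        for q, b in sorted(buckets.items())
    }


def is_trending_down(series) -> bool:
    """True when no quarter is worse than the one before it."""
    return all(later <= earlier for earlier, later in zip(series, series[1:]))
```

For the constructed data the median dwell time falls from 576 hours in 2023Q1 to 18 hours in 2023Q3, which is the direction both metrics should move.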
