October 26, 2016 By Kevin Skapinetz 3 min read

In 10 years at IBM, I’ve been fortunate to have a bird’s eye view of big changes across the security industry. I have helped massive enterprises and small organizations build out their defenses against all sorts of changing threats. Here are 10 simple cybersecurity lessons I’ve learned in the past decade.

10 Cybersecurity Lessons From an IT Expert

1. Don’t Forget the Basics

The Australian Department of Defence is respected in security circles for its list of 30 strategies to mitigate targeted attacks. Right up there at the top is simple stuff, such as patching operating systems and applications and locking down admin accounts. You have to think about basic security hygiene first and foremost. This is the foundation of a strong security program — everything else is built on top.

2. Security Is About Much More Than Malware

Our industry and the public are fixated on advanced threats, but equally important is the less sexy stuff, like managing credentials and access policies for employees and for partners in your supply chain. You need a clear understanding of which people, based on their roles, should have access to which assets and data.
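The role-to-asset mapping the paragraph calls for can be made concrete and reviewable. The following is an added example, not code from the original post or from IBM: a default-deny role-based access check plus two helpers that answer the questions an access review asks ("what can this user actually touch?" and "who can touch this asset?"). The roles, assets and users are constructed sample data, and the policy layout is an assumption for illustration.

```python
"""Default-deny role-based access check with access-review helpers.

Added example (not from the original post). ROLE_GRANTS and the users
below are constructed sample data; the policy shape is an assumption.
"""
from dataclasses import dataclass, field

# Constructed policy: role -> set of (asset, action) grants.
# Partners in the supply chain get a deliberately narrow role.
ROLE_GRANTS = {
    "engineer": {("source-repo", "read"), ("source-repo", "write"),
                 ("ci-logs", "read")},
    "partner":  {("api-docs", "read")},
    "finance":  {("billing-db", "read"), ("billing-db", "write")},
    "auditor":  {("billing-db", "read"), ("ci-logs", "read")},
}


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)


def is_allowed(user, asset, action):
    """Permit only if some role the user holds grants (asset, action).

    Unknown roles grant nothing, so a typo in a role name fails closed.
    """
    return any((asset, action) in ROLE_GRANTS.get(role, set())
               for role in user.roles)


def effective_access(user):
    """Flatten a user's roles into the (asset, action) pairs they can use.

    This is the per-person view an access review needs: it makes role
    accumulation (an employee who changed teams and kept the old role)
    visible as an oversized set.
    """
    grants = set()
    for role in user.roles:
        grants |= ROLE_GRANTS.get(role, set())
    return sorted(grants)


def users_with_access(users, asset, action):
    """Per-asset view: who can perform `action` on `asset`?"""
    return sorted(u.name for u in users if is_allowed(u, asset, action))


# Constructed sample users, including one with accumulated roles.
USERS = [
    User("alice", {"engineer"}),
    User("bob", {"partner"}),
    User("carol", {"finance", "auditor"}),
    User("dave", {"engineer", "finance"}),  # moved teams, old role never removed
]

if __name__ == "__main__":
    for u in USERS:
        print(u.name, effective_access(u))
    print("billing-db writers:", users_with_access(USERS, "billing-db", "write"))
```

Running the review helpers over the sample data surfaces "dave" as a billing-db writer even though he now works as an engineer, which is the kind of credential and access-policy drift the lesson is about.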

And don’t forget application security. If you are writing web or mobile apps for clients and customers, securing them takes a lot of discipline. Getting it wrong opens more doors to attackers.

3. Technology Is Only One Part of Security

Being tech-oriented, security professionals often obsess about the next great product or startup that will solve their problems. Most security problems, however, are people or process problems. Security must be embedded throughout the corporate culture. Employees need to understand just why security is vital to the organization and their specific roles in promoting it.

4. Security Is a Team Sport

Early on, security was reserved for IT, the silent defenders. As the threat environment changed for the worse, even IT knew it would be outmatched without third-party help. World-class security teams share information and collaborate with experts to defeat common foes. This means collaborating not just with vendors, but also with their peers and competitors.

5. Don’t Obsess Over the Threat Du Jour

There’s always the next awful thing out there. Trendy threats like Conficker, Stuxnet, APT-1 and other massive breaches against the world’s largest companies will always be in and out of the news. It’s certainly critical to learn from them, especially the vertical-specific ones. Just don’t pin your security strategy on reacting to the latest bad thing that comes along.

6. Buzzwords Aren’t All That Bad

All of a sudden, the word cyber is everywhere. It has even crept into political debates. As security geeks, we disdain these terms: big data, machine learning, the cloud. Ugh. But if in the end they can help to elevate the overall discussion and heighten security awareness in the general population, how can that be a bad thing?

7. What’s Old Is New Again

When I joined IBM with Internet Security Systems (ISS) 10 years ago, there was a lot of focus on server and host security in the data center. With the rise of Web 2.0 (remember that?) and mobile devices, we shifted more to network security. Then cloud exploded and the focus moved to server-based security of virtual machines. My point? Cybersecurity lessons learned today will be relevant in a decade.

8. Analytics: Not Just for Pretty Dashboards

Now that we’re speaking to the board, there’s a lot of flashy eye candy in security. Attack maps inspired by “War Games,” incident visualizations and risk views can be helpful in making security decisions. But more critical uses for analytics today include real-time fraud and insider threat protection. That’s not just eye candy — it’s highly functional, utilitarian security that can actually boost revenue and prevent damage.

9. Security Superstars Integrate and Automate

A decade ago, teams were using silos of point products, and automation meant locking down a network or quarantining an endpoint. But false positives meant taking potentially valuable resources offline, so there was pressure not to use it. Today, I see seasoned teams integrating their defenses and using deep context about specific threats to orchestrate policies and make precise decisions about actions. This is where our industry is headed.
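The shift the paragraph describes, from a single blunt automated action to a decision informed by context, can be shown as a small policy function. This is an added example, not code from the original post or from any IBM product: it gates automated containment on detection confidence, corroboration from other sources and the criticality of the affected host, so that a false positive on a valuable system produces a ticket for a human rather than an outage. The alert fields, thresholds and weights are constructed assumptions.

```python
"""Context-gated response decision for security orchestration.

Added example (not from the original post). Alert fields, thresholds and
the scoring weight are constructed assumptions for illustration.
"""
from dataclasses import dataclass


@dataclass
class Alert:
    host: str
    detection_confidence: float   # 0.0..1.0, as reported by the detecting tool
    host_criticality: str         # "low" | "medium" | "high", from asset inventory
    corroborating_sources: int    # additional independent tools that agree
    known_false_positive: bool    # matches a signature already triaged as benign


def context_score(alert, corroboration_weight=0.1):
    """Combine tool confidence with corroboration into a 0..1 score.

    Each additional source that agrees adds `corroboration_weight`; the
    result is capped at 1.0.
    """
    raw = alert.detection_confidence + corroboration_weight * alert.corroborating_sources
    return min(1.0, raw)


def decide_action(alert, auto_contain_threshold=0.85, review_threshold=0.5):
    """Return 'quarantine', 'escalate' or 'log-only' for one alert.

    Rules, in order:
      1. Known false positives are recorded but never acted on.
      2. Weak, uncorroborated signals are logged for later correlation.
      3. High-criticality hosts are never isolated automatically; a
         human decides, so a false positive cannot take them offline.
      4. Everything else is quarantined only above the auto-contain
         threshold, otherwise escalated to an analyst.
    """
    if alert.known_false_positive:
        return "log-only"
    score = context_score(alert)
    if score < review_threshold:
        return "log-only"
    if alert.host_criticality == "high":
        return "escalate"
    if score >= auto_contain_threshold:
        return "quarantine"
    return "escalate"


def triage(alerts):
    """Map each alert's host to the chosen action."""
    return {a.host: decide_action(a) for a in alerts}


# Constructed sample alerts covering each branch of the policy.
SAMPLE_ALERTS = [
    Alert("ws-17", 0.92, "low", 1, False),        # strong, corroborated -> quarantine
    Alert("db-prod-01", 0.95, "high", 2, False),  # crown jewel -> escalate
    Alert("ws-22", 0.60, "medium", 0, False),     # plausible but thin -> escalate
    Alert("ws-23", 0.30, "low", 0, False),        # weak -> log-only
    Alert("ws-24", 0.99, "low", 3, True),         # known benign -> log-only
]

if __name__ == "__main__":
    for host, action in triage(SAMPLE_ALERTS).items():
        print(f"{host:12} {action}")
```

The order of the rules is the point: the criticality check sits before the confidence check, so the strongest possible detection on a production database still goes to a person. Tuning the thresholds per host tier is where the "deep context" in the paragraph turns into precise, defensible actions.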

10. Security Is Hard Work

Security takes discipline and a clear strategy. It takes an honest recognition that security is not a goal with an end game, but rather something that changes continuously as both organizational goals and the threat environment evolve. There is no magic product, no magic service, no single method of defense. You must work tirelessly every day to prevent threats and plug vulnerabilities. It’s like training for a marathon that never stops.
