Kevin Coleman is a senior fellow at the Technolytics Institute and former chief strategist at Netscape. (File) ()
2013 was certainly an interesting year when it comes to cyber defense and cyber intelligence. As the year closes out it is helpful to think back to all that has happened within the cyber domain and see what we all should take away from this learning experience. Here are my top five for 2013.
1. We can’t keep doing what we have done in the past in terms of cyber security. The time for using a reactive security model has passed and in the last few years the threat environment mandates a proactive approach.
2. Cyber attackers continue to apply the creative side of their brains while they reuse past attack techniques because many organizations have not applied patches, nor are they aware of previous cyber attack techniques and how best to defend against them.
3. Nontechnical decision makers are at arms length from being fully engaged in the struggle to secure their organization’s critical systems. The main reason for this is the poor job the technical side is doing communicating the threats and challenges of cyber defense in an easily understandable manner.
4. New and innovative products and services regularly emerge and become part of our modern business and personal lives. Building security in rather than treating security as an afterthought is still too rare of an occurrence.
5. The black market for previously unknown vulnerabilities in widely used commercial software is a dominant force that is driving research efforts focused on finding new vulnerabilities that are sold for 10s to hundreds of thousands of dollars.
2013 will certainly be another record year when it comes to the number of new strains of malware that were discovered. It is doubtful that the entire industry will learn from the Target department store data breach. One rather cynical cyber security analyst said, “The Target breach is hot right now, but will soon be forgotten.”
Given the current approach to cyber security a quote from a rather smart individual comes to mind. When asked what makes him such a great hockey player. Wayne Gretzky’s response was: “I skate to where the puck is going to be, not where it has been.”
In 2014 we will undoubtedly repeat many of the same mistakes and use the same techniques to defend our systems and data from cyber threats. We have to stop reacting to cyber attacks after they occur and address where the attacks are going to be. Build cyber security in — NOW!
Have a safe and prosperous New Year!