New approaches needed to combat next-gen threats

View original post at SC Magazine

Conventional approaches have not been successful in mitigating the security risks facing enterprises, speakers told an audience Thursday evening at the Rethink Cyber NYC event.

Omar Abbosh, Accenture’s chief strategy officer, discussed the “dangerous” disconnect between security professionals and board members. “As businesses evolve in the digital era, they need to take a hard look at where they are in terms of cybersecurity, where they need to be and their ability to rise to the occasion when facing new types of threats,” he said.

Speaking with at the event, Abbosh said, “We all need to recognize that we are under constant attack.” While he believes the idea that organizations can create perimeter to prevent attacks “is a myth that must be disposed,” he suggested innovative approaches can mitigate risks.

Brett Hartman, VP/CTO of Cisco’s Security Business Group, said a rise in encrypted web traffic has been an overall positive development for security professionals, he emphasized the point that many of the “massive data breaches have not needed to break encryption.” He warned that encryption may create “a false sense of security.”

Shlomo Touboul, CEO of illusive networks, encouraged security professionals to think of their security approach in terms of “the art of deception,” an approach that he argued has been an important aspect of military strategy throughout history.

He noted that next-generation honeypots could create a scenario in which attackers are enticed to attack a network that appears to have 5,000 endpoints but actually contains only 1,500 legitimate endpoints. Attackers would then need to guess which endpoints to target but “only get a certain number of guesses” before they are exposed, said Touboul.

In a forward-looking presentation, Bob Blakley, Citigroup’s global head of information security innovation, warned of the existential threats that quantum-level computers would pose to encryption technologies. He said discussions of the increasing likelihood of quantum computers leading to apocalyptical scenarios are no exaggeration – the religious term in Egyptian texts initially referred not to final destruction, but to a day “when all secrets would be revealed.”

Blakley compared the approach of quantum computers to the doomsday scenarios that many envisioned would occur on January 1, 2000. He told the audience he attended an “end of the world” party on New Years’ Eve 2000. “The reason that party was so boring was because we as an industry had been quietly working on it for 15 years.”