In the spirit of the first Presidential debate, I would like discuss the topic of cybersecurity, which was one of only a few words NBC moderator Lester Holt was able to squeeze in. Even though at times the debate seemed less like a diplomatic dispute and more like a drunken quarrel between two sports fans in a bar, the topic did bring some sense of sobriety. And rightfully so, after all it’s hard to find two topics that have generated more media buzz of the past year than cyber breaches and the presidential debate. At least one of them has a hard deadline on November 8, 2016. Cybersecurity? Not any time soon.
A common problem that both political parties and many boards of directors share is their failure to fully understand the intentions of a cyber-adversary, and therefore don’t anticipate future attacks very well. Our government understands adversary intent from a geopolitical standpoint, and responds with strategic countermeasures to protect the nation. Yet we fail to take the next step and apply those lessons to a cybersecurity policy that better protects all of our government agencies, companies, or our political process for that matter.
Both parties lack a full grasp of the intentions of nation state or politically motivated groups when it comes to guarding valuable campaign information. Whether in regard to personal email servers, or political campaign databases, we don’t anticipate an attack and apply proper security measures. Is it wrong for us to assume that our adversaries have an intention to steal sensitive information? Regardless of each candidate/party’s cybersecurity background, anyone in a position to defend our nation should understand the concept of “Adversary Intent”.
The same holds true for businesses. Historically, from the Board of Directors down, there has been a duty to protect the operation of a business (as well as the shareholders), from the consequences of unforeseen problems and disasters. These threats may be physical (natural disasters, fires, etc.) or manmade (labor strikes, inventory issues, etc.). There has always been an understanding of how those events could impact the business supply chain, so there are contingency plans in place.
However, as business operations have increasingly become digitized and information more becomes more critical, few boards fully recognize the best safeguards to prevent cyber disasters. Whether the adversary’s intent is to steal intellectual property, financial records, or personal identifiable information, there has been a noticeable struggle to apply a strategic cybersecurity contingency process to protect the vital information of businesses, across all industries.
In both examples, it is the failure to understand the intent of an adversary that leaves us unable to anticipate future attacks. A comprehension of this intent should be the basis of any cyber policy focused on protecting the operation of both a business and a political campaign.
“Skate to where the puck is going, not to where it has been.” Wayne Gretzky, hockey legend, said it best when explaining his success in thinking ahead and anticipating the next move on the ice. I thought of this quote in preparation to this blog, and I think it applies well.
The cybersecurity market is constantly evolving, and the best vendors are innovative and anticipate emerging threats. They position themselves for the future by deploying platform-based approaches that adapt quickly to real time situations. Palo Alto Networks has a proven culture of innovation and a forward-thinking mentality. Dating back to when the company was founded in 2005, our founder Nir Zuk and the company leaders, have always understood the intent of cyber adversaries and provided industry leading technologies to secure our customer base now and into the future.
“We see this giant paradigm shift happening. Legacy point products that are primarily reactive in nature that lead to manual responses when you have a highly automated problem. And that is giving way very quickly to next generation platforms that are primarily prevention oriented and proactive in nature. That’s what we have uniquely, and I think that’s why you continue to see us grow so nicely.”
- Mark McLaughlin, CEO in an interview with Jim Cramer, Mad Money, earlier this year.
Partnering with a forward thinking and innovative cyber solution provider that has a deep understanding of the adversary and their various tools and tradecraft is half the battle. Too many vendors remain stagnant with legacy products and unable to anticipate the next threat from a wide range of adversaries: nation states, criminal syndicates, hacktivist groups, or individuals.
As we dwindle down this election year and focus on strategies that best defend our nation from the global threats of the future, we should use this as an opportunity to apply that same school of thought to our businesses. Every company should be asking themselves what their adversaries intent is, and how to position their security strategy.
If you have any interest in learning more about Palo Alto Networks, and how we are positioning ourselves for the future, then please feel free to contact me.