Rashmi Knowles is Chief Security Architect and a subject matter expert for advanced cyberthreat at RSA
Rashmi Knowles is Chief Security Architect at RSA. She works to promote the adoption of RSA's core technology with customers and drives thought leadership initiatives in EMEA. She has appeared on the BBC Television and Radio as a subject matter expert for advanced cyberthreat. At the RSA Conference 2017, I spoke to Rashmi about ransomware, new threats and the role of the CISO. Excerpts from the interview:
Why do organizations and governments still have a very tactical approach towards security?
A lot of customers are constantly fire fighting. They continue to invest in security because every time there is a breach or an incident, the usual response is, "We were compromised, and we lost some data. So let's encrypt everything." So they encrypt everything. Every time an incident takes place, they buy new technology to tackle it. Hence, it is true that organizations do not have a strategic approach towards security. We are beginning to see that there is some change but it is very slow.
For instance, when it comes to financial services, the sector is very forward leaning. They tend to invest, they have the budgets -- but sometimes, it is not necessarily about more budgets, but it is about spending the budget differently. In my opinion, when it comes to cyber security, organizations must do two things: One is to focus on what a typical attack looks like. The organization must then define the attack and make sure that they have good monitoring and visibility in to your existing systems. Only when you know what 'normal' is, you can detect the anomalies in your security systems and highlight them.
The second thing that organizations should do is put a responsive plan in place. Most often, organizations haven't even starting performing these table top exercises. The longer you take to do that, the higher will be the risk towards your reputation and personal data. Leaders responsible for security in organizations must get their teams to do their homework; understand where your data is, and if you don't understand where your sensitive data is or who has access to it or how your processes work together, investing in technology is not going to help you.
Artificial intelligence has been proposed to automate threat detection, monitoring and logging.
If you need to perform more than one action when it comes to tackling security in your enterprise, automate it. RSA's Netwitness Suite use AI/machine learning techniques to identify threats, stop them before they impact the business and reduce the cost, time and scope of the cyber incident response.
You can put limited resources on these activities and it makes your analyst's job much easier and more efficient. RSA SecurID also works on the principles of AI and uses risk scoring to authenticate users.
2016 was declared as the ransomware. What problem do we have at hand and how do we tackle it?
I mentioned earlier that security professionals must have an understanding of what normal looks like -- if you don't know what that looks like, how will you tackle the anomaly, incident monitoring and identify the attack when it is starting to happen. You must spend money on further planning in terms of the kill chain. Focus on detecting ongoing attacks that have already breached your perimeter and crack them before the damage is done. Instead of analyzing old malware, deploy a breach detection system that automatically detects and analyzes the changes in user and computer behavior that indicate a breach.
The importance of ransomware and its education cannot be overstated. But education is not about getting someone to sit in the classroom. Rather, it should be built into our system - which is like saying that when we see something unusual, there should be an element of automation that tracks the activity and informs the user about the breach or the fact that it violates their organization's security policy. Invest money on tech and processes. If you do that well, you reduce your risk levels substantially.
How can companies and CISOs re-imagine their security policies to protect their users and address the new threats?
Good security should be invisible. It should be easy, seamless and secure. If an organization should have a security policy, it should be built into their systems and processes such that it allows them to do their job properly and securely. Therefore, the key is to build it in.