Chuck Leaver – As We Enter The Third Phase Of Cyber Security It Has Become People Centered

Written By Kyle Flaherty And Presented By Chuck Leaver Ziften CEO


Cyber attack impact on companies is typically uncomplicated to measure, and the suppliers of tech solutions are always showing off different statistics to reveal that you have to obtain their newest software application (including Ziften). But one figure is extremely stunning:

In The Previous Year Cyber Crime Cost Organizations $445 Billion And Cost 350,000 People Their Employment.

The financial losses are easy to take on board although the amount is substantial. However the 2nd part is worrying for all involved with cyber security. People are losing their employment because of what is occurring with cyber security. The situations surrounding the employment losses for all of these individuals is unknown, and some might have deserved it if they were negligent. However the most fascinating aspect of this is that it is well understood that there is a shortage of skilled people who have the capability to fight these cyber attacks.

While individuals are losing their positions there is also a demand that more skilled individuals are discovered to prevent the ever increasing hazard of cyber attacks. There is no argument that more people are needed, and they need to be more gifted, to win this war. However it is not going to happen today, this week or perhaps this year. And while it would be wonderful if a truce could be negotiated with the cyber attackers till these resources are offered, the reality is that the fight must go on. So how do you combat this?

Utilize Technology To Enable, Not Disable

For years now vendors of security tech have been offering technology to “prevent and obstruct” cyber attacks. Then the suppliers would return later on to sell the “next generation” service for preventing and stopping cyber attacks. And after that a few years later on they were back once again to offer the latest technology which concentrated on “security analytics”, “risk intelligence” and “operational insight”.

In every scenario businesses purchased the current technology and then they had to add expert services and even a FTE to run the technology. Obviously every time it took a substantial quantity of time to get up to speed with the brand-new technology; a group that was struggling with high turnover because of the competitive nature of the cyber market. And while all this was going on the attacks were becoming more persistent, more sophisticated, and more regular.

It has to do with People Utilizing Technology, Not The Other Way Around

The issue is that all of the CISO’s were focussed on the technology first. These organizations followed the traditional model of seeing a problem and creating technology that could plug that hole. If you think about a firewall, it actually constructs a wall within technology, using technology. Even the SIEM technology these organizations had installed was focused mostly on all the various connectors from their system into other systems and gathering all that info into one place. However exactly what they had instead was one place since the technology centric minds had actually forgotten a crucial component; individuals involved.

People are constantly proficient at innovating when faced with risk. It’s a biological thing. In cyber security today we are seeing the 3rd phase of innovation, and it is focused on people:

Phase 1 Prevent by developing walls
Phase 2 Detect by building walls and moats
Phase 3 View, check, and react by evaluating user habits

The reason that this has to be focused on individuals is not just about talent shortages, but since people are actually the issue. Individuals are the cyber hackers and also the ones putting your organization at risk at the endpoint. The technologies that are going to win this battle, or at least allow for survival, are the ones that were built to not just boost the abilities of the person on the other side of that keyboard, but likewise concentrate on the behaviors of the users themselves, and not simply the technologies themselves.