If security was just a case of patching software and checking malware hashes, it would be easy. In reality, it’s difficult. Really, really difficult. Mark Nunnikhoven, vice president of cloud research at Trend Micro, spent his SecTor 2018 keynote talking about why and how we got here.
We sat down with him to discuss his keynote in depth and find out why we’re still facing the same gnarly security issues in 2018 that we were dealing with twenty years ago, along with a whole new set of them.
One of the biggest problems facing security teams today is culture, explains Nunnikhoven. Algorithms and technical security procedures are well-defined, with nice, hard edges. When you add people to the mix, things get squishier and more difficult to deal with.
Security professionals are taking an important step by beginning to talk to people in the business openly and frankly about security, but they still have a long way to go, he says. They must help people to understand the risks that they’re accepting and give them some context to work out whether they’re appropriate.
Instead of expecting the binary results they get when running a malware scan or deleting a defunct user’s account, security pros must prepare themselves for a series of small wins as they try to help steer company culture to a more secure place, he warns.
After you’ve seen Mark address these challenges in our SecTor interview, watch his entire keynote talk, entitled Are we setup to fail, here for a deeper dive.