TL - Cloud Talk - Gary and Karen on Security

Assume Failure: Building Worst-Case Scenarios into Your Cybersecurity Roadmap

You learn more from your failures than you do from your successes.

Security has always been a big part of IT. But with technology infiltrating all areas of business, and with adversaries getting smarter and more organized, it’s harder than ever for IT to maintain security. From attacks on government agencies, to attacks backed by nation states, the world is moving closer to a point of advanced cyber-conflict.

In the latest episode of Cloud Talk, podcast host and Rackspace Technology Chief Technology Evangelist Jeff DeVerter is joined by two security experts from Rackspace Technology to discuss how to build a strong cybersecurity team and business. The guests this week are Karen O'Reilly-Smith, Chief Security Officer, and Cloud Talk regular Gary Alterson, VP of Security Solutions.

As the saying goes, you learn more from your failures than you do from your successes. This is why assuming failure and practicing worst-case scenarios is a best practice in cybersecurity, according to security leaders Gary and Karen. And there are plenty more nuggets like that in this episode.

Tune in to hear about:

  • Security strategy and creating and updating your roadmap
  • The facets of good security hygiene
  • Patching to mitigate vulnerabilities
  • Tabletop exercises to help cybersecurity teams
  • Cyber insurance
  • Creating security champions in your organization

Karen discusses the strategic side of security and creating a roadmap. “Think of it as a living, breathing document that you're going to keep on your desktop. And you're going to really look at it on a regular basis throughout your day and throughout your week. It's something that, as we learn from events, as we learn from incidents, as we learn about what's going on in the world, we need to continually update that roadmap.”

Gary comments on the maturity of cybercrime at the present moment. “A lot of today's adversaries, especially in ransomware, are essentially commercial organizations. I wouldn't even call them organized crime; I’d call them companies at this point. Some operate in an area that's pretty shady, but they've got codes of conduct. Others offer ransomware as a service.

“So as a customer, I do the hacking, I place the ransomware down on the target I want. And after that, you (the ransomware-as-a-service company) take over — you do the encryption, you steal the data, and you negotiate a payment, and then I just get a cut as the customer or affiliate. And now we're starting to see some of those organizations ask for funding. So they're selling shares in their operations. It mirrors what we do in corporate life.”

Karen explains how tabletop exercises work. “Look at incidents that may impact your organization directly, but also look at incidents that happen outside of your organization. So a good example is the recent attack on Colonial Pipeline. Rackspace is not an oil company, but it's a good exercise . . . to think, ‘If that happened at Rackspace, what would happen to us? How would we have handled it?’ So run an actual tabletop exercise. You can take any incident directly from real life and put it into a tabletop.”

Jeff wraps up by explaining the role of security as an enabler for businesses to move faster. “Security is about a partnership with the business to ensure the business can move as fast as possible, and be as safe as possible. I mentioned this when we were talking to our customers just the other day. When you think about the evolution of the car, one of the biggest inventions to help a car go faster in the earliest days was the brakes. You have to have the ability to control what's happening before you can actually move faster. And that’s what security is doing.”


About the Authors


Rackspace Technology Staff - Solve

The Solve team is made up of a curator team, an editorial team and various technology experts as contributors.

The curator team:

  • Srini Koushik, CTO, Rackspace Technology
  • Jeff DeVerter, Chief Technology Evangelist, Rackspace Technology

The editorial team:

  • Gracie LePere, Program Manager
  • Royce Stewart, Chief Designer
  • Simon Andolina, Design
  • Tim Mann, Design
  • Abi Watson, Design
  • Debbie Talley, Production Manager
  • Chris Barlow, Editor
  • Tim Hennessey Jr., Writer
  • Stuart Wade, Writer
  • Karen Taylor, Writer
  • Meagan Fleming, Social Media Specialist
  • Daniel Gibson, Project Manager
