SAN FRANCISCO – What cybersecurity teams need in this evolving and increasingly sophisticated threat landscape is not more structure but more agility, according to IBM executives speaking on Thursday here at RSA 2019.
“An agile model makes all the difference, delivering security at speed and scale requires a different model,” said Mary O’Brien, general manager, IBM Security.
“We need a culture that knows failing is part of making progress, a culture that encourages other points of view and new ways of operating,” she said.
Instead of continuing to chase the elusive notion of perfect security, O’Brien said security teams should be adopting a new mindset that can evolve in times of crisis based on an agile code of behavior.
“I think it’s time to rewrite our playbook to create this culture,” O’Brien added.
While infosec teams have not typically thought in terms of agile, their adversaries certainly have the ability to spot a response, pivot and keep coming at you, according to Caleb Barlow, vice president of IBM Security, X-Force Threat Intelligence.
“Slowing down to achieve perfection is only going to slow down your response,” Barlow said. “If we look at major breaches over the last decade, the lackluster response is causing more damage than the breach itself.”
Barlow said that agile cybersecurity teams should take a page out of the military's book and craft a Commander’s Intent document that empowers employees to respond and make adjustments in real time, particularly during an attack.
The Commander’s Intent outlines exactly what’s expected of employees and what leeway they have to make it happen, because ‘the charge is to get up that hill by any means necessary’ is considerably different than ‘get up this hill with the minimum number of human lives lost.’
From there, Barlow said infosec teams should be empowered to ask and answer three questions during an attack: How do I stop the harm? What is the likely next move of the adversary? What is the likely worst move of the adversary?
“From that dialogue I can triage a response,” Barlow said.
O’Brien added that change has come upon the security industry and it has come on quickly, which means that many of today’s fundamentals are changing, from technology tools to data governance.
“Agile, think of it as a mindset, where individuals respond to change rather than following a rigid plan, where teams are connected, engineering, IT, lines of business, security, executive leadership,” O’Brien said. “They have to be empowered to iterate, to fail, to get up and try again and again.”