What’s Changing in Cybersecurity & Why it’s Important

What’s Changing in Cybersecurity & Why it’s Important


Technology manufacturers in the global IT market occasionally come up for air in order to revalidate that our value propositions are still germane. Essentially, we like to know that we’re solving today’s challenges and not living in the past.

One way to test this is to listen carefully as to where Wall Street sees shifts in the markets. Cybersecurity technology (as a subset of the IT market) is currently shifting to refocus toward one of the most significant threats within today’s enterprises – People. In a recent global cybersecurity survey, nearly two-thirds of respondents named “People” as the greatest risk for compromising systems. What this means is the focus is no longer just on stopping the external hackers and threats, but zero trust for the general population of users, as well.

How do I know this? Investor’s Business Daily, a highly regarded stock investment news website recently featured a full-length article on the topic of “zero trust” strategy. The article asked and answered, ‘why companies in this space may be interesting places to invest in the coming years.’* While investing in these companies may make stockholders some money is beside the point. As these technologies become more and more available, they will be chosen (especially by federal agencies and owners of critical infrastructure) because the last, biggest vestiges of cybersecurity risk remain within the organization. The zero trust strategy dictates bringing security closest to the assets you are protecting, and verifying every action on sensitive assets, rather than building a wall around your organization and assuming everything within is secure.

Another key aspect of zero trust is the blanket application of the “least privilege” principle – i.e. only providing users and applications the level of access to any data and systems that is absolutely required for job functions. A recent leitmotif in the cybersecurity market is the rise in the use of micro-segmentation for those portions of your network that really cannot afford to be breached. By protecting individual assets with a strong segmentation solution, such as the Owl DiOTa, organizations can ensure that the truly valuable databases and devices are only available to a much smaller, select group of authorized users and applications.

These zero trust technologies will continue to be deployed with other software applications in the federal agencies and across public sector critical infrastructure. This includes manufacturers in the defense industrial base (DIB), military bases, state-owned colleges and large city assets, to name only a few categories. Have you ever stopped to consider how many operational technology (OT) networks and industrial control systems (ICS) exist in the United States? These millions-upon-millions of ICS networks are protecting trillions-of-dollars-worth of infrastructure that we have all contributed to (every time you pay taxes or pay a utility bill!). It’s time we begin to apply zero trust and new levels of segmentation to protect these national investments, before another headline reveals yet another major hack.

*Krause, Reinhardt, Enter The Zone of Zero Trust, Investor’s Business Daily (IBD Weekly), June 3, 2019 edition

How IIoT and the Cloud are Upending the Purdue Model in Manufacturing

The Purdue Model of Control Hierarchy is a framework commonly used by manufacturers in pharmaceuticals, oil and gas, food and beverage, and other verticals to group enterprise and industr...
September 11, 2019
Gary McGibbon Business Development Manager - Financial Services

Capital One as a Canary in the Cloud Coal Mine: Part 3 – Conclusions

If the Capital One sysadmin had just changed the WAF password... In the final part of our blog series on the Capital One breach, I want to discuss the conclusions reached based on the vu...
August 15, 2019
Gary McGibbon Business Development Manager - Financial Services

Capital One as a Canary in the Cloud Coal Mine: Part 2 – Findings

"That is a pretty egregious oversight." In the second part of our three part series on the Capital One breach, I want to discuss the vulnerabilities and other elements that went into the...
August 13, 2019