When I first got into Information Technology management a number of years ago, one of my biggest concerns was that an individual with some programming skills, a will to cause trouble and some luck might break into my network or my main website and deface the content. We called these types of risks, script kiddies. Now, IT leaders are facing unparalleled attacks from multiple and highly coordinated adversaries who have the power to put a company out of business, paralyze nation states and earn a lot of money in the process, in addition to receiving “cred” for the attacks.
In the spring of 2015, Penn State College of Engineering was targeted by two sophisticated cyberattacks that required officials to shut down internet access on campus. In fact, on an average day last year, Penn State alone repelled more than 22 million overtly hostile cyberattacks from around the world. At Olin, whenever we publish an external IP address (by putting up a new server, for example) we are the recipients of more than 400 attacks within the first 15 minutes.
In fact, higher education institutions, in general, are particularly vulnerable to security breaches because of our commitment to freedom of speech, technological innovation, high degree of connectivity and the most digitally advanced student body in history.
That is why the topic of cyber security was chosen for the 12th Olin Innovation Lab (Oil 12) that drew 50 experts from across the country. Headlining the event was Samir Kapuria, Senior Vice President and General Manager, Cyber Security Services, Symantec, along with security professionals from Cyphort (watch an interview with Director of Security Research), CrowdStrike, Integration Partners and Juniper Networks.
Kapuria laid out a cogent argument for why as IT professionals we have to learn how to collaborate and focus more proactively on intelligence gathering rather than just talking about best practices and strictly shoring up our defenses. Historically, security professionals have focused on protecting all the components of an information system separately – our laptops, software, networks and external services such as those available in the cloud. This incremental approach along with an increased regulatory and compliance focus has created a tremendous increase in the daily workload of information technologists and additional restrictions on and complexity for anyone and any device utilizing network services.
Kapuria got a knowing chuckle from the audience when he said “IT has now put the NO in InNOvation.”
To get ahead of the game, according to Kapuria, IT professions need to:
- Take a systems-thinking approach, seeking integration to create an eco-system across platforms and companies.
- Put more emphasis on intelligence gathering to predict an attack before it happens, particularly since there are new tools available using big data analysis, machine learning and telemetry.
- Stop keeping cyberattacks to ourselves and share information across competitors so that we can head-off more serious breaches. This will take a significant shift in the current mindset.
Kapuria has been called on by governments and corporations to help address some of the largest securities breaches in history and to develop strategies to manage IT protection in the brave new world. He has appeared on CNBC to discuss ways in which to deal with today’s cyberattacks.