What's Changing in the Threat Landscape? A Q&A with Mike Chapple
With security breaches now playing a constant role in the daily news cycle, it can be tricky to get perspective. In his new course for LinkedIn Learning, Inside the Breach, instructor Mike Chapple explores different breaches each month, looking at why they occur and what cybersecurity pros can do to manage future incidents. I've invited him to provide his perspective on what he's seeing in the threat landscape, and what tech skills will be most important going forward.
Q: You’ve been working in cybersecurity for many years. What are some of the key changes you’ve seen in the threat landscape?
MC: I’ve been in the cybersecurity field for over twenty years and, during that time, witnessed a major change in the threat landscape. Years ago, the most common and most aggressive threat was the amateur experimenter who was simply trying to push the boundaries of systems. Today’s cybersecurity professional faces a much more sophisticated adversary. Military units, criminal organizations, and political activists use sophisticated tools and highly targeted operations to undermine the security of their foes. This is a much more dangerous environment than we faced two decades ago and is the primary driver behind the growth of cybersecurity teams in most organizations.
Q: As you research cybersecurity breaches for your new Inside the Breach series, what commonalities are you seeing in terms of key takeaways?
MC: As we examine many of the major breaches of the past twenty years, we definitely see some common themes in how organizations failed to safeguard their systems and information.
Patching is at the top of the list. We all know that we are supposed to patch systems and applications. That’s nothing new. But many high profile breaches, including the recent Equifax breach, can be tied directly back to a failure to apply available patches in a prompt manner.
Flat networks are another common failure. Organizations place their sensitive systems on the same networks as publicly accessible systems. Network segmentation corrects this problem by separating systems according to their sensitivity level. A breach at one level doesn’t pose an immediate threat to systems on a different network segment.
Finally, no matter how strong our technical controls, human failures can always undermine them. We need to put strong controls in place to protect our people from social engineering attacks and other attempts to target legitimate users.
Q: There seems to be a new major breach in the news on a daily basis. What sources do you follow to stay on top of the latest incidents?
MC: Brian Krebs is often the first to break news of major security incidents. I follow his blog, Krebs on Security, to keep abreast of breaking news. The Washington Post also covers the cybersecurity beat on a daily basis.
Q: Looking ahead to the next year, what types of breaches do you anticipate will increase in frequency?
MC: I think that we’ll continue to see an increase in Internet of Things breaches. We’ll be covering a couple of examples in upcoming episodes of Inside the Breach. These attacks threaten to cross the barrier from cyberspace into the physical world and will attract a lot of attention.
Q: Given the ever-changing nature of security threats, what skills are most important for cybersecurity professionals right now?
MC: Cybersecurity professionals need to be full stack technologists. To be effective in this complex world, you need to have a good understanding of how all the pieces fit together. This includes knowledge of cloud computing, networking, system engineering, database administration, software development, and monitoring. There’s a good reason that cybersecurity certification programs cover a wide breadth of material: cybersecurity professionals need this knowledge on the job.