Last week, thousands of IT security professionals gathered in Toronto for the annual SecTor Security Conference to share compelling research and new techniques. From malware attacks to unencrypted stolen devices, data theft is rampant in the enterprise, and security solutions are, well, supposed to be the solutions. Security experts at SecTor presented on the various ways organizations can learn from past mistakes and how vendors can aid in this process.
Here are a few of the common topics we observed:
1. Security as part of the DevOps process
In the presentation, “KickaaS Security with DevOps and Cloud,” it was suggested that security be woven into the DevOps process. Development and operations includes monitoring, updating, and improving technology. As a part of this practice, security would no longer be left outdated and vulnerable.
2. Go on the Dark web
The Dark web can be accessed for good. News of the breaches appear here, as it is also the marketplace for the stolen information. Monitoring hacker activity is much like living up to the saying, “Keep your friends close, but your enemies closer.”
3. Sound the Alarm
Early detection is no good if it is not known, and IT professionals across the conference urged each other to communicate immediately at the sign of suspicious activity. Regarding the recent retail data breaches, there has been much criticism that not only are the solutions reactive, but the people in control of the solutions are withholding the information for far too long. In the session, “Asymmetry in Network Attack and Defense,” the audience was reminded that sharing knowledge is the cheapest defense.
So what was the major lesson learned here? Security processes need to start being more proactive rather than just reactive.