The state of the market and a “perfect cyber storm.”
The summit opened with a May 1st keynote by Dave DeWalt, now of Momentum Cyber, formerly CEO of both FireEye and McAfee. He delivered his account of what he called “a perfect cyber storm” created by the speed of innovation and the swift evolution of vulnerabilities and threats such innovation brings with it. His slides were unapologetically familiar; he outlined his main points as follows.
The speed of innovation itself creates new vulnerabilities, which in turn enable exponential growth in the number and kind of attacker groups. We have therefore seen the danger expand from hacktivism to influence to terrorism and ultimately to warfare. This trend has occurred during a period of increasing geopolitical tensions attended by “a complete lack of governance and law enforcement models,” these being further compounded by Internet anonymity. All of this is compounded by the inability of legacy security providers to detect or prevent attacks. Hence, DeWalt concluded, “We have a perfect cyber storm.”
It takes attackers some twenty to sixty minutes to get into a network, and then identify and exfiltrate the information they want, DeWalt observed. An enterprise's lack of visibility into its own networks is the single biggest challenge defenders face. Challenges, of course, bring opportunities, and DeWalt sees four major areas of opportunity for the cybersecurity industry, which he listed alliteratively: “Drones and domes;” “Industrial, insider, and IoT;” “Social, supply chain, and satellite networks;” and, finally, “Consumer, crypto, and cloud.” He predicts that the sector will move to accommodate the larger industry movement toward hybrid clouds, the growth of IoT, the increased importance of identity management, growing appreciation of supply chain vulnerabilities, and the significant role service providers will continue to play.