During the past few months, Microsoft Exchange servers have been like chum in a shark-feeding frenzy. Threat actors have attacked critical zero-day flaws in the email software: an unrelenting cyber campaign that the US government has described as “widespread domestic and international exploitation” that could affect hundreds of thousands of people worldwide. Gaining visibility into an issue like this requires a full understanding of all assets connected to a company’s network. This type of continuous tracking of inventory doesn’t scale with how humans work, but machines can handle it easily.
For business executives with multiple, post-pandemic priorities, the time is now to start prioritizing security. “It’s pretty much impossible these days to run almost any size company where if your IT goes down, your company is still able to run,” observes Matt Kraning, chief technology officer and co-founder of Cortex Xpanse, an attack surface management software vendor recently acquired by Palo Alto Networks.
You might ask why companies don’t simply patch their systems and make these problems disappear. If only it were that simple. Unless businesses have implemented a way to find and keep track of their assets, that supposedly simple question is a head-scratcher.
But businesses have a tough time answering what seems like a straightforward question: namely, how many routers, servers, or assets do they have? If cybersecurity executives don’t know the answer, it’s impossible to then convey an accurate level of vulnerability to the board of directors. And if the board doesn’t understand the risk—and is blindsided by something even worse than the Exchange Server and 2020 SolarWinds attacks—well, the story almost writes itself.
That’s why Kraning thinks it’s so important to create a minimum set of standards. And, he says, “Boards and senior executives need to be minimally conversant in some ways about cybersecurity risk and analysis of those metrics.” Because without that level of understanding, boards aren’t asking the right questions—and cybersecurity executives aren’t having the right conversations.
Kraning believes attack service management is a better way to secure companies with a continuous process of asset discovery, including the discovery of all assets exposed to the public internet—what he calls “unknown unknowns.” New assets can appear from anywhere at any time. “This is actually a solvable problem largely with a lot of technology that's being developed,” Kraning says. “Once you know a problem exists, actually fixing it is actually rather straightforward.” And that’s better for not just companies, but for the entire corporate ecosystem.
Show notes and links:
“A leadership agenda to take on tomorrow,” Global CEO Survey survey, PwC
Modernizing IT Helps Enterprises Do More with Less
Feeding the World by AI, Machine Learning, and the Cloud
AI and Data Fuel Innovation in Clinical Trials and Beyond
Building a Culture of Innovation in Research and Development
Maximize Data Outcomes by Investing in People and Systems
Building great digital customer experiences with agile infrastructure
Using Technology to Power the Future of Banking
Building Tomorrow’s Telecommunications Network Today
Building the Necessary Skills for Digital Transformation
Embracing Culture Change on the Path to Digital Transformation
Mapping the Atmosphere on Mars Can Help Advance Science on Our Own Planet
Technology and Innovation Transform Farming
Applying Laser Technology to Humanity’s Challenges
Scientists Advance Cloud Seeding Capabilities with Nanotechnology
Make Sustainable Products, Sell, Repeat
Digital Inclusion and Equity Changes What’s Possible
Create Equitable Experiences to Empower Your Employees
Sustainability Starts in the Design Process, and AI Can Help
Building the Future with Software-Based 5G Networking
Embracing the Promise of a Compute-Everywhere Future
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
Lex Fridman Podcast