During his RSA Conference keynote, Young likened today’s cyber threats to skyjacking in the 1960s and early ’70s.
“We’re suffering from breach fatigue like we suffered from hijack fatigue nearly 50 years ago,” he said, citing near-daily breaches (today) and skyjacking attempts (back then). But in 1972 hijackers threatened to crash a plane into an Oakridge, Tennessee, nuclear reactor.
“That shook our country out of our hijacking fatigue and introducing screening at airports,” Young said. “Despite the added security and protections, the wall between the flight deck and the outside world remained relatively porous. That led to 2011.”
Instead of allowing a “digital 9-11” to happen, it’s time to borrow a page from the post-September 11 airline industry and bake security into the cultural fabric, Young said.
“Many people don’t believe cybersecurity is their job or their responsibility, but part of that is that we haven’t taken up the cultural mantle in ours,” he said. “We must prioritize cybersecurity across different domains of society, in the public sector and in the private sector, among employees and consumers if we are truly to drive progress.”
State of Cloud Security
Also at RSA Conference, McAfee released its cloud and and security report, Navigating a Cloudy Sky: Practical Guidance and the State of Cloud Security. According to the more than 1,400 IT professionals surveyed, one in four organizations using public cloud has had their data stolen. And one in five has experienced an advanced attack against its public cloud infrastructure.
Additionally, 83 percent store sensitive data in the public cloud, and 69 percent trust public cloud to keep their sensitive data secure.
Improved visibility is key to keeping data safe in the cloud, said Vittorio Viarengo, VP of marketing for the cloud business unit at McAfee, in an interview with SDxCentral. Ninety-seven percent of organizations use cloud services, he said, citing another statistic from the study. And 87 use personal devices for work.
“In this world where you don’t own much of the infrastructure or the devices, you need to regain visibility,” Viarengo said. “You need to know where your data is and what it contains. Once you know where your data is and who has access your data, then you need to put policies on it.”
Last month the vendor launched its first cloud security product since the Skyhigh purchase, and at this week’s RSA Conference McAfee announced its new CASB Connect Program, which allows any cloud service provider or partner to build API connectors to McAfee Skyhigh Security Cloud without writing any code. This provides visibility into cloud services being accessed from on-premises and mobile devices an enforces security policies for all of these cloud applications.
Photo: McAfee CEO Chris Young describes a “culture of cybersecurity” during an RSA Conference keynote.