Book Preview: Modern Cybersecurity, Preface

On October 19, 2021, we published a book, "Modern Cybersecurity: Tales from the Near-Distant Future". Over the next few weeks, we'll be publishing excerpts from the book. Our first excerpt is from the Preface by Erkang Zheng.

Preface

Cybersecurity is transforming. The last decade of cyberattacks, threat actors, and an endless stream of breached data was just a catnap compared to what's coming next. Only by understanding the changes that have taken place in information security can we anticipate the profound metamorphosis the industry will undergo over the next three to five years and what we must do to prepare for it. 

I remember the days when cybersecurity meant analysts sitting in the SOC, staring at four screens all day long. Servers and workstations were housed in a physical location, and security was operationalized from a defensive posture, fortified by a tangible perimeter and focused on protecting a relatively contained set of "things." We built our approach to security upon our understanding of the physical environment and what it took to protect it. We conducted annual penetration testing and PCI assessments as a sufficient measure to provide peace of mind in security for most organizations. For years, we assumed and relied upon our technology infrastructure and operating environments being relatively static, with only material changes no more than once or twice a year.

This concept has transformed into a new vision for security. Everyone is adopting the cloud. Everything in technology is becoming software-defined. Across every industry, the COVID-19 pandemic further accelerated these trends, cramming a decade's worth of digital transformation into a single, unprecedented year of change. Yet, at the same time, we've all continued the endless struggle against a rapidly-metastasizing cybercriminal contagion.  

As a result, our concept of security must be re-evaluated: But what is its new foundation? What are the new basics for cyber operations? Physical boundaries are no longer a limiting factor. Even the logical boundaries are getting harder to define. The new perimeters surround an individual piece of data, or an individual user identity, most of which is defined on the software, application, and data layer. It is no longer enough to find and protect cyber assets. We must also understand their relationship to one another.  

The impact and outcome of security breaches are drastically different within these types of relationship-based environments. What we are now seeing is cyber espionage on a nation-state scale against commercial or public interests. A ransomware attack against a hospital can result in loss of life, not just financial disaster. Factor in an attack spanning an entire city, or a region, and it's clear that the scale of risk and its potential impact are escalating fast.

The industry is racing to develop new approaches and solutions to adapt to this changing environment. From small startups to global enterprises, the first line of defense is the organization itself. The larger the enterprise, the more this becomes a company-wide responsibility. 

The current state of defense is in the form of security teams. But as part of the cybersecurity transformation currently taking place, companies are beginning to re-evaluate and relearn the basics of cybersecurity. Unfortunately, companies have counted on little or no help from public entities or the government in terms of prevention during this transformation phase. But that's starting to change. Organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) engage with the private sector to help address this particular issue. As a result, the future of cybersecurity is in a symbiotic public/private partnership. Conceptually, it marks the transition to a new era for security.


Erkang Zheng

I am the Founder and CEO of JupiterOne, and also a cybersecurity practitioner with 20+ years of experience across IAM, pen testing, IR, data, app, and cloud security. An engineer by trade, entrepreneur at heart, I am passionate about technology and solving real-world challenges. Former CISO, security leader at IBM and Fidelity Investments, I hold five patents and multiple industry certifications.

I founded JupiterOne because I envision a world where decisions are made on facts, not fear; teams are fulfilled, not frustrated; breaches are improbable, not inevitable. Security is a basic right.

We are building a cloud-native software platform at JupiterOne to deliver knowledge, transparency and confidence to every digital operation in every organization, large or small.
