"You know what they got, they got the last four digits of credit card numbers," said Gonen. "What good is that? What can someone do with the last four digits of anything?" Gonen rattled off the last four digits of his phone number and Social Security number to emphasize his point. "The other 12 digits were encrypted, so those four numbers are useless," Gonen said.
Plan B accepts that hackers will get unauthorized access, but what is key for security is making sure that what they take they can't really use.
In order to shift the trajectory of InfoSec onto the course of awesomeness, more than the blueprints need to change. Mindsets need to shift. Security administrators need to start saying yes. "Businesses need to move, and we live in a world of yes. We need to stop saying no because they will find someone who says yes."
The idea of saying yes to everything can be unnerving, though, particularly when people are trying to prevent unauthorized access to data. "The road between yes and no, is know," said Gonen. "Have architecture in mind and build solutions. Let them know the risks involved and let them make the decision," Gonen said.
Agreeing with Gonen, Earl Perkins, research vice president at Gartner, noted, "We have reached a point in time where the pace of change and the level of threat are beginning to collapse and not work." Perkins talked about the need to shift the mindset about information technology as well. "Although IT isn't a failure, it's not deliberate in the way business would like it to be," Perkins said.
Knowing how to say yes will allow security officers to protect and defend without being the antithesis of awesome. "They, and by they' I mean IT, will be replaced by something," Perkins said, "we are moving out of the prevention phase of you shall not pass' toward the era of detection and response."
The era of detection and response demands that organizations can no longer have malware that goes undetected for more than 200 days. "We are moving toward scouting parties and proactive offense. Improving the way you have monitoring," said Perkins.
"People buy because of awesome," Gonen said, "but in security, we are the anti-Christ of awesome."
With the billions of dollars being invested into cybersecurity startups, though, there is a lot of awesome being developed.
Perkins defines the IT midlife crisis as the crossroads between security and the Internet of Things (IoT), and the way for IT professionals to move forward is to define the role of IT in business. "Digital business means looking at risks and understanding how IT and business are so interrelated and then developing a methodology for prioritization," Perkins said.