Don't miss our upcoming Network Computing virtual event on Connectivity Solutions - Secure Your Complementary Seat Now!
In the short term, forward-thinking organizations will look to combine conventional antivirus technology with supplemental, and often inexpensive, approaches: investigating network-layer controls on their hosts, restricting service profiles, proactively patching both operating systems and applications, using Layer 7-capable network-scrubbing devices, deploying more comprehensive host protection suites and using less-vulnerable applications. Some of these tactics will require further investment but many simply need organized efforts to better control what you've already purchased. Long-term, enterprise consumers must demand mandatory access control (see "The Promise of MAC,") and better coding standards in mainstream software. Our OSs and applications should protect us from threats, not expose us to them.
Evolving Vectors
Almost everyone is familiar with the phrase low-hanging fruit as it applies to information security; it's typically used to describe the security problems or holes that are the easiest or cheapest to address, yet often yield a relatively high return by lowering an organization's overall risk profile. Another buzzy term making the rounds is blended threat, used to reference attacks that come over a variety of mediums (Web, instant messaging, e-mail, file sharing and so on). Marketing aside, this parlance is a direct result of real-world changes; even basic attacks are appearing in new forms, and the weakest points in our defenses are continuing to shift. But that's only part of the story.
In looking at perimeter trends, it's clear that many organizations have realized the importance of patching and service exposure restrictions. Vulnerability management provider Qualys, for example, says it continues to see a decrease in lead times that pertain to the patching of perimeter-facing systems and related exposures. Gerhard Eschelbeck, CTO and vice president of engineering at Qualys, shared some of its trending data (see "Vulnerability Half-Life," right), which shows that organizations are patching many of their systems in a more organized, timely manner.
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.
