Book Preview: Modern Cybersecurity, Preface

On October 19, 2021, we published a book, "Modern Cybersecurity: Tales from the Near-Distant Future". Over the next few weeks, we'll be publishing excerpts from the book. Our first excerpt is from the Preface by Erkang Zheng.

Preface

Cybersecurity is transforming. The last decade of cyberattacks, threat actors, and an endless stream of breached data was just a catnap compared to what's coming next. Only by understanding the changes that have taken place in information security can we anticipate the profound metamorphosis the industry will undergo over the next three to five years and what we must do to prepare for it. 

I remember the days when cybersecurity meant analysts sitting in the SOC, staring at four screens all day long. Servers and workstations were housed in a physical location, and security was operationalized from a defensive posture, fortified by a tangible perimeter and focused on protecting a relatively contained set of "things." We built our approach to security upon our understanding of the physical environment and what it took to protect it. We conducted annual penetration testing and PCI assessments as a sufficient measure to provide peace of mind in security for most organizations. For years, we assumed and relied upon our technology infrastructure and operating environments being relatively static, with only material changes no more than once or twice a year.

This concept has transformed into a new vision for security. Everyone is adopting the cloud. Everything in technology is becoming software-defined. Across every industry, the COVID-19 pandemic further accelerated these trends, cramming a decade's worth of digital transformation into a single, unprecedented year of change. Yet, at the same time, we've all continued the endless struggle against a rapidly-metastasizing cybercriminal contagion.  

As a result, our concept of security must be re-evaluated: But what is its new foundation? What are the new basics for cyber operations? Physical boundaries are no longer a limiting factor. Even the logical boundaries are getting harder to define. The new perimeters surround an individual piece of data, or an individual user identity, most of which is defined on the software, application, and data layer. It is no longer enough to find and protect cyber assets. We must also understand their relationship to one another.  

The impact and outcome of security breaches are drastically different within these types of relationship-based environments. What we are now seeing is cyber espionage on a nation-state scale against commercial or public interests. A ransomware attack against a hospital can result in loss of life, not just financial disaster. Factor in an attack spanning an entire city, or a region, and it's clear that the scale of risk and its potential impact are escalating fast.

The industry is racing to develop new approaches and solutions to adapt to this changing environment. From small startups to global enterprises, the first line of defense is the organization itself. The larger the enterprise, the more this becomes a company-wide responsibility. 

The current state of defense is in the form of security teams. But as part of the cybersecurity transformation currently taking place, companies are beginning to re-evaluate and relearn the basics of cybersecurity. Unfortunately, companies have counted on little or no help from public entities or the government in terms of prevention during this transformation phase. But that's starting to change. Organizations such as the Cybersecurity and Infrastructure Security Agency (CISA) engage with the private sector to help address this particular issue. As a result, the future of cybersecurity is in a symbiotic public/private partnership. Conceptually, it marks the transition to a new era for security.

Erkang Zheng

I founded JupiterOne because I envision a world where decisions are made on facts, not fear; teams are fulfilled, not frustrated; breaches are improbable, not inevitable. Security is a basic right.

We are building a cloud-native software platform at JupiterOne to deliver knowledge, transparency and confidence to every digital operation in every organization, large or small.

I am the Founder and CEO of JupiterOne, and also a cybersecurity practitioner with 20+ years of experience across IAM, pen testing, IR, data, app, and cloud security. An engineer by trade, entrepreneur at heart, I am passionate about technology and solving real-world challenges. Former CISO, security leader at IBM and Fidelity Investments, I hold five patents and multiple industry certifications.
