Check Point Software CISO Jony Fischbein has a lot on his plate. Like many CISOs, he juggles the security of multiple corporate departments with thousands of employees, all of whom possess different personalities, security requirements, and potential risk factors.
"A lot of these departments … they want to drive to the same place, but they have different needs," said Fischbein in a keynote at this week's CPX 360 conference, in New Orleans. Each day he is tasked with making decisions to secure these departments and each of their employees, while also tackling his overall goal and greatest challenge in being a CISO: enabling business processes.
Tackling this challenge starts with addressing human-based issues. "People are the biggest asset and the biggest weakness in any organization," Fischbein said. "Engage them wisely."
This means knowing how employees can aid in your defenses, but more importantly the people you need to protect against. The first group includes overmotivated employees. "These employees will do stuff because they just want to promote the business," he explained, but they often do this by downloading tools and applications not sanctioned by the IT department. "Shadow IT," or the use of software without the business' consent, presents security issues.
While eager employees pose a risk, unhappy ones are considerably more dangerous. "These are the No. 1 people who will hurt the company," Fischbein added. Angry workers who are motivated to cause damage can use their access to steal contacts and code and expose internal data. "These problems are relevant to everyone," he said, noting that for every 1,000 employees, chances are five to 15 are unhappy. They may face penalties, he continued, but many unhappy employees forget about the contracts they signed when they started the job.
Cybercriminals and nation-states are the other two groups causing concern for Fischbein. As an example, he cited recent concerns of retaliation and potential cyberattacks from Iran in early January. "We have to immediately make sure our SOC was up-to-date," he said of the response. "All IP addresses from Iran are going to be immediately blocked, no questions asked."
The talk dove into two examples of how CISOs can help enable business processes. First, he said, is embracing the cloud and supporting the business' ability to use it. In the past year, Check Point's IT teams have worked in cloud environments and developed directly on them. One of their accounts is forbidden to be exposed to the Internet. If something is accidentally exposed, the team introduced a mitigation through which the incident is logged and sent to the SOC.
"The No. 1 topic that I believe is the reason for hacks or breaches in the cloud is misconfiguration," said Fischbein.
Understanding security incidents is a second example of how the CISO can support the business. It's essential to treat incidents well and thoroughly, said Fischbein, and it's equally important to not be surprised or panic when a breach hits. Be sure you know which teams will be involved in response and the steps they will take in investigating and mitigating the threat.
"What is key during the incident is to try to [record] lessons learned during that incident," he emphasized. "A month later you will not remember what happened."
Fischbein also spoke to the use of automation, which he believes will allow security teams to survive the challenges of today and the future. "All security pros, such as myself, have to open the gates to third-party solutions. We have an automated process to vet the new technologies we will connect to our systems, so [they] will be rapid and secure."
With respect to Check Point's own product line, he called himself "customer zero" for all of the company's tools.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "AppSec Concerns Drove 61% of Businesses to Change Applications."