Brian Linder is an Emerging Threats Expert and Evangelist in Check Point’s Office of the CTO, specializing in the modern secured workforce. Brian has appeared multiple times on CNBC, Fox, ABC, NBC, CBS, and NPR radio, and hosts Check Point’s CoffeeTalk Podcast and Weaponizers Underground, and has teamed on keynote CyberTalks at Check Point’s CPX360 events. For 20+ years, Brian has been an advisor at the C-level to firms big and small in financial, legal, and telecommunications, on next generation cyber security solutions and strategies for cloud, mobile, and network. Brian holds a B.S. in computer science from Drexel University and an M.S. in Information Science from the Pennsylvania State University.
In recognition of National Computer Security Day, held each November 30th, we’re speaking with an esteemed industry expert about how you can exponentially elevate your cyber security – without breaking the bank or burning out.
As traditional security mentalities fade in relevance and new ones gradually replace them, cyber security leaders are living in limbo. Expert Brian Linder explains how to become part of the future while protecting your organization and your people.
This is how you can break free of one-dimensional thinking, achieve holistic cyber risk management excellence, and move your organization forward.
Why are security leaders feeling “stuck” when creating secure environments?
Cyber security leaders are often trapped in a binary mindset – either your organization is secure, or it isn’t secure.
Leaders often feel that they’ve balanced the risks that are out there with the controls in-place; they’ve made the right investments, reduced the organization’s risk, and the best possible outcome has already been achieved.
However, given the evolution and unprecedented volume of threats, this mindset creates a real challenge for leaders.
What firms should be looking at are ways to achieve a very firm security stance throughout their organization by using security tools that are consolidated, that are comprehensive, and that aren’t addressing niches, but rather that address the totality of the threat landscape.
And that’s where we see a lot of solutions emerging.
Could you expand on that?
Rather than looking at cyber security as a complex and binary problem (with emphasis on a lot of little solutions) look for a consolidated and comprehensive approach that’s evolving at the speed at which threats are evolving.
That’s the way to get out of the rut that you’re stuck in. Obviously, budgets and staffing aren’t going to change anytime soon – so you’ve got to learn to be creative with your budget. You’ve got to learn how to use your man-power that you have available.
And that’s where a really strong platform for cyber security can help, as it requires less man-power, the investment can be controlled, and it can get you out of that rut, and more importantly, reduce the risks that your organization is facing.
What are the top proactive steps that leaders can take to strengthen cyber security?
First and foremost, stop looking at cyber security as a collection of point solution issues. Stop looking at endpoint, user, server or cloud as separate domains to be addressed individually. Start to look at a consolidated approach to cyber security. There’s no other way to do it.
I’ll give an example: If leaders look at mobile devices separately from the cloud, separately from laptops, and separately from the data center server, leaders will find themselves completely overwhelmed. There won’t ever be enough budget to solve it, nor enough staffing. To snap out of that, it’s important to view devices and their interactions more holistically – at a much higher level, across your whole organization.
The threats that leaders face pervade all of those different domains – the user, the server, the cloud; in ways that we can’t even conceive of, even as experts. So, again, start looking more holistically. Start looking at the bigger picture.
My suggestion is to start at the top and to work all the way down, rather than starting at the bottom and working all the way up.
Humans are the weakest link. How can organizations encourage employees to become better stewards of cyber resources?
I love this question. Why? It’s a trick question.
All of us need to acknowledge that, inevitably, humans are and always will be the weakest link in cyber security due to human nature. In turn, leaders have to develop comprehensive strategies that stretch across the organization to anticipate and defend against cyber attacks that exploit psychological vulnerabilities. These include on-the-fly user education, use of AI and ML tools for defense, and proactive measures to prevent user-driven threats.
I’d like to note that while user training is important, it’s not a comprehensive solution. And that’s been demonstrated over and over and over again, through decades of user experiences, where even the most sophisticated and educated of users are still clicking on phony links or answering those emails. Human nature is what it is.
To counteract this intractable problem, industry leaders are developing and advancing platforms that incorporate behavioral learning into threat prevention.
How would you recommend that organizations recognize National Computer Security Day?
Well, I’m not a big fan of what I call Hallmark holidays, but what I do believe is that any moment (any week, any month, any day) where we can take notice of the challenges that we face in cyber security is a good day.
This particular day prompts us to make a mental note of how important cyber security is. And it hopefully also inspires our user communities to remain vigilant and to remain aware.
As we go into the holidays, in both the personal and professional spheres, we see the proliferation of scams and distractions. Given how easy it is for people to get swept up in a scam, National Computer Security Day is a good excuse for all of us to collectively take note of the fact that good cyber practices and a good strategy for defending against a fast-evolving threat landscape are needed.
So, I welcome the opportunity to honor National Computer Security Day and hope that organizations will leverage the moment to reappraise and reorient security programs for the betterment of security and society at-large.