2. I think we’ve moved past “breaches as events” to breaches being the norm. Their character and details may change, but the industry as a whole has to accept that this activity is continuous. Why is that important? It changes how we mobilize defense. If you build defenses around the idea that there’s a point-in-time event requiring a response, then you focus on different tactics. If you consider breach activity as a more continuous process, then you defend more continuously. This isn’t a binary change; it’s not that it was one way and is now the other. It’s a shifting characterization that demands a shifting defensive strategy.
Tim Erlin
@terlin
3. For years, vendors have gotten better about communicating security issues and details related to them, but 2017 was a major step backward for some of the largest vendors. Those companies removed the focus from communication and information sharing.
They also stopped providing customers with options. Imagine you walked into the pharmacy to pick up multiple prescriptions and the pharmacist handed you a single bottle of liquid and said, “I’ve blended everything together. There could be drug interactions, and there are side effects, but I’ll let you discover those on your own.” That’s essentially what some of the largest vendors decided to do this year, and it was rather disturbing to see this giant backward leap.
Tyler Reguly
@treguly
4. The New Year started with modifications to employee training that includes more detail on phishing awareness, both general and targeted. We also realized that a year between employee awareness trainings was way too long. Now we run a 15-minute training with 3-4 questions every month just to keep it fresh in the employees’ minds. We also learned that no matter how well trained our employees are, somebody’s going to click that damn link.
Privileged access management has always been one of my concerns, but in response to the speed that new 0-day exploits are being delivered and the ease with which lateral movement happens, we put a strong move to get rid of local admin on endpoints and put in place a program to manage privileged access in the data center.
Michael Ball
@Unix_Guru
5. I had thought I had seen it all. Then INFOSEC 2017 arrived, and I realized I hadn't seen anything yet. I saw that keeping your production infrastructure up-to-date with patches and updates really is important. Now every CSO can point to Equifax.
I saw that having a DLP process in place to detect the insider hoarding or stealing really is important. Now every CSO can point to NSA's three incidents or Google's Waymo, which saw one of its senior-most engineers spirit thousands of documents.
Yes, in 2017, we held the beer and watched data flow out of far too many entities. May 2018 be the year that security is a forethought and not an afterthought.
Christopher Burgess
@burgessct
6. Effective cybersecurity requires firmness and flexibility. The mature cybersecurity professional knows when to be firm and disciplined and when to be open-minded and flexible. Firmness is necessary in fostering the right mindset in an organization since human behavior is a major (arguably the biggest) factor. Flexibility is necessary for adapting to new threats since a rigid vulnerability or risk management program will remain oriented towards yesterday’s threats.
Too often, security leaders may compromise foundational controls or discipline in the name of flexibility while holding fast to a rigid view of the threat environment or refusing to consider emerging technologies.
Success depends as much on these as it does on policies, procedures and platforms.
Maurice Uenuma
@TripwireInc
7. I mainly thought of the major credit bureaus in the context of users needing to monitor their credit reports for suspicious activity. I never thought we’d see something along the lines of the Equifax incident. Data breaches pose a threat to all organizations, but the risks are more severe when that company is responsible for safeguarding the personal information of millions of consumers.
I recommend all users consider placing a credit freeze on their reports. Also consider opting out of preapproved credit offers and locking down credit card/bank accounts with notifications for every type of activity and transaction.
David Bisson
@DMBisson
Example diagram of an industrial network that Tripwire can secure and ensure policy / compliance
8. I learned how vulnerable Windows' Server Messaging Block was, especially in regards to this year's WannaCry and NotPetya attacks. Related to that, EternalBlue really opened my eyes about how many exploits intelligence agencies may be sitting on.
I think this offensive approach to cyberwarfare is terrible. People who work for intelligence agencies may feel overconfident about their ability to keep cybersecurity exploits and other cyber attack methods to themselves. But quite frequently, they end up on WikiLeaks. Their exploits may also be shared on IRC or on the Dark Web.
Kim Crawley
@kim_crawley
9. From the major stories I've covered this year, the one thing I've learned is the value of immediacy. As a journalist, you're looking to get something put together fast and published with the bare minimum of facts and figures.
It's easy to pick up the wrong facts and report something incorrectly, so this year I've come to rely on a number of people whose perspective I trust on breaking issues.
The capability to create a breaking news story is something that the journalist needs to do well. So my biggest lesson learned from 2017 is on how to work fast, accurately, and under pressure on something that the world wants to know more about.
Dan Raywood
@DanRaywood
10. The first thing I learned was to never make infosec predictions. The more important lesson from the year is that, contrary to what many of us think, our friends and family are not so resistant to security.
Despite some of the stories about bad security practices, most folks are very serious about security. The challenge is that they need to understand it before they leap into it.
Most folks just want to know more about how everything we are promoting in security is going to protect them. If we can clearly articulate that, then we will see a shift towards more security. Let’s make that the mission for 2018!
Bob Covello
@BobCovello
11. This year, I learned it's healthy to take a step back, re-evaluate things, and make changes if necessary.
I had spent so long working deep in one problem space that I missed a lot of interesting changes in the security industry. I felt I would benefit from something new, so early in 2017, I decided to make a role change. I was able to spend the year working with multiple new technologies, platforms, and languages, and I am happy and refreshed because of it.
Ben Layer
@benlayer
12. For the latest security news, trends & insights… visit tripwire.com/blog and follow @tripwireinc