In a recent interview conducted by Dark Reading News Desk, Kelly Shortridge, a senior principal at Fastly, discusses her research on the resilience revolution in cybersecurity. According to Shortridge, the current problem in cybersecurity is that defenders are too slow in comparison to fast-evolving attackers. Her solution is to imitate attackers by being nimble and constantly evolving, thus initiating a resilience revolution.
Shortridge defines the resilience revolution as a transformation in which security teams learn to respond better to attacks rather than solely focus on prevention. She believes that just as failures are inevitable in complex systems, attacks are also inevitable. Therefore, the key mindset shift that needs to occur is the focus on minimizing impact and improving the ability to respond and adapt to attacks over time.
To implement this transformation, Shortridge suggests several practices. When it comes to incident response, she emphasizes the importance of analyzing all contributing factors to an attack rather than simply blaming human error. Understanding all the complexities and factors involved in an attack is crucial for improving the response. Additionally, Shortridge advocates for the use of automation to speed up the response process. By using tools like infrastructure-as-code, security teams can quickly update block lists and patch vulnerabilities, thus minimizing the impact of attacks.
Shortridge also highlights the practices that defenders can learn from attackers. Attackers are known for their speed, nimbleness, and ability to leverage automation. Defenders should aim to experiment and challenge their assumptions, just as attackers do. Shortridge suggests conducting chaos experiments to verify the effectiveness of security controls and proactively probing system vulnerabilities.
Despite the challenges and regulatory constraints faced by the cybersecurity industry, Shortridge believes that the resilience revolution is achievable. She proposes viewing security as a subset of software quality and advocates for a “secure by design” approach. This involves embedding security measures into the system’s design to reduce manual effort and increase flexibility.
When asked about the potential conflicts between legacy systems and the implementation of new security measures, Shortridge argues that collaboration between security and software engineering teams is crucial. Both teams have a common goal of modernizing systems for reliability and profitability. Changing the system’s design can be a less risky proposition than relying on bolt-on security tools and can protect critical operations.
In conclusion, Kelly Shortridge’s research emphasizes the need for a resilience revolution in cybersecurity. By imitating attackers and embracing a mindset of adaptability and speed, security teams can better respond to evolving threats. Implementing automation, analyzing incident factors, and challenging assumptions are suggested practices for defenders. Collaboration between security and software engineering teams is key to successfully transforming the cybersecurity landscape.