BitSight CEO on Nation-State AttacksShaun McConnon Says Security Preparedness Falls Short
The advanced and persistent nature of today's cyber-attacks, which are often waged by nation-states, is changing the way organizations address network security, says Shawn McConnon, CEO of BitSight, which specializes in business security preparedness.
These emerging attacks are now being waged against a much wider variety of hardware, including mobile devices, he explains in this exclusive Executive Session interview with Information Security Media Group. "There is no perimeter anymore," he says. "There are many more touch-points in a company today," which, in turn, has made it easier for hackers penetrate networks.
Hackers, especially nation-state actors, know that most organizations fail to adequately address risks posed to their networks by third parties, McConnon says. "Businesses today outsource everything ... and it's very hard to ensure security when you're outsourcing."
Hackers are increasingly targeting less- secure third parties to ultimately gain access to organizations' primary networks, McConnon explains. "You can't prevent hacks. But you should focus on the information," he says. "You've got to be able to look at your third-party risk and have somebody on your team who's looking at that risk regularly."
During this interview, McConnon also discusses:
- How threat actors have changed over the course of his career;
- Why it's a mistake to rely on annual security compliance assessments to determine overall cybersecurity; and
- Why risks posed by employees and even customers can be as serious as those posed by vendors.
Before BitSight, McConnon was the CEO of several IT and security start-ups, including Q1 Labs, now part of IBM; Okena, now part of Cisco; Axent Technologies, now part of Symantec; and Raptor, which recently went public. He also helped to launch Home Away Boston, a not-for-profit organization that provides free housing for families with children being treated at Massachusetts General Hospital for Children.