Cybersecurity INSIGHTS

The CISO and the Cyberattack

Steve Stone is the head of Rubrik Zero Labs, a new cybersecurity research team at Rubrik. The team's purpose is to give voice to folks on the front line of cybersecurity and provide organizations with the latest threat data from its security research activities. Its report, The State of Data Security, exposes the effects that years of rising threats and expanding threat vectors are having on organizations, people and our confidence in their ability to protect the data. In addition to heading up Rubrik Zero Labs, Stone teaches cybersecurity topics at McKendree University and was the vice president of adversary operations at Mandiant for five years. He was also the global intelligence lead at IBM for several years and an engagement lead at FireEye for a few years, and he started out in the Air Force Office of Special Investigations as a senior investigator. So, Stone has a heavy background in investigation and discovery.

The State of Data Security Report provides an important view into the realities that IT and security teams face on a moment-by-moment or day-to-day basis. Some findings were that 98% of IT and cybersecurity leaders have dealt with a cyberattack in the last year, which is amazing.

It shouldn’t be, because we get at least one every day that we are aware of. And apparently, the average among the folks who were surveyed is 47 attacks per year. Since Stone has been around for quite some time, he weighs in on why this keeps happening:

So when we talk about that audience having to deal with almost all of them, 98% of them at their level had to deal with a cyberattack in the last year, with an average of 47 cyberattacks in that timeframe. That jumped out at me. I’m not surprised that organizations are dealing with cyber events. We know that. I’m not surprised that there’s all kinds of events and investigations and breaches and all these other things that organizations deal with. We’ve known that. What jumps out is the seniority level. This is a topic that this seniority level was not dealing with that long ago, or at least, not in this kind of fashion. So I think that’s one of the biggest findings out of this report.

In this episode of Cybersecurity Unplugged, Stone also discusses:

  • How the CISO job level is affected by cyberattacks;
  • The difference between CISOs’ best intentions and their ability to execute those intentions;
  • Progress around his report and respondents believing that public and private partnerships are important to solve cybersecurity challenges.