sb-eu logo
Story image

McAfee CEO reveals his view of cybersecurity’s future at MPOWER

19 Oct 2017

McAfee partners, customers and executives converged on Las Vegas for McAfee MPOWER, which takes place at the ARIA convention centre over the next two days.

CEO Chris Young opened the conference by reiterating the community solidarity after the recent shootings; something that is also relevant for cybersecurity’s first responders.

Earlier this year McAfee separated from Intel and took its place as a standalone company, but did not completely sever its ties. In April, SVP of Intel Software and Services Group Doug Fisher expressed his support for McAfee as one of the biggest standalone companies in the cybersecurity industry.

At MPOWER today, Young let attendees decide what his talk was about – ‘read your mind’ or ‘read your future’ – through live, online voting from the audience, the future was the clear winner.

Security is truly dynamic and will continue to innovate

“We’re in one of the most dynamic industries you can possibly imagine because you can’t tell what’s going to happen from one day to the next,” Young says.

From the headlines comes a sense of desensitised attitudes towards security, but what happens when it hits organisations in real life, he asks.

“Predicting the future is sobering because there are thousands of organisations making their name in cybersecurity.”

He believes that endpoints will be more defined, automation and orchestration, analytics, threat intelligence management.

“Whether you have a SOC or not, you have security operations,” he adds.

Threat landscape – threats will never go away

Young says the past is the best predictor of the future.

“If you take one of the more common threat types today – ransomware, for example – it has actually been around for more than 30 years. We saw the first ransomware attacks in the late 80s. It wasn’t until that Bitcoin and other cryptocurrency took off that ransomware exploded.”

Today’s threats are derivatives of the past, evolving as adversaries change their motivations.

“We see attacks that go beyond malware itself. Some may call it fileless. We’re seeing benign scripting languages like PowerShell and JavaScript.”

He believes that attack vectors are blurred as multiple vectors converge and with many different attack patterns. What does this mean for those who are trying to prevent attacks?

Attack defence patterns will change and it will be difficult to categorise different types of attacks. It may not be a certain type of malware like a Trojan anymore – it could be a combination of many different attack types.

“There’s no silver bullet approach to dealing with any one style of attack. We must operate our defences as a whole that is greater than the sum of its parts.”

McAfee honed its portfolio to the ‘protect, adapt, detect’ approach in order to progress the threat defence lifecycle and make it a reality.

Security architecture needs to change

We need to increase bandwidth, control device security and basic security hygiene in order to move architecture from where it has been to where it is going, Young says.

As networks become more encrypted and opaque, network protection is increasingly difficult. Young sees the network as a transport layer; cloud and endpoints are where protection will be concentrated.

Resources are scarce – but change your perspective

People are the scarcest resource of all. This is driving the ‘skills shortage’, Young says. Architecture can only get organisations so far.

“We have to stop thinking about the cybersecurity skills shortage. Stop calling it a problem, call it a talent efficiency opportunity. We need to keep threat responders up to date on the threat landscape and keep the best people in your organisation. Those challenges put a different lens on the talent ‘problem’”.

People, processes and technology have to work together. Threat intelligence and operations, analytics and data science can facilitate human-machine teaming that, Young says, may completely change the security game.

McAfee MPOWER continues in Las Vegas on October 18 & October 19.

Story image
OT networks warned of vulnerabilities in CodeMeter software
Manufacturers using the Wibu-Systems CodeMeter third-party licence management solution are being urged to remain vigilant and to urgently update the solution to CodeMeter version 7.10.More
Story image
Proofpoint launches new SMB focused security awareness training
Proofpoint has launched security awareness training for small to medium businesses (SMBs) with the aim of reducing successful phishing attacks and malware infections to almost zero. More
Story image
Radware issues security alert, warning of global rise of DDoS-for-hire
Efforts from corporations, law enforcement and independent researchers around the world have attempted in the last two years to curb this growth – but the industry keeps growing says Radware information security researcher Daniel Smith.More
Story image
The guide to digital security in unstable times
An increase in vulnerability across different sectors has meant that 2020 has seen more than its fair share of cybersecurity incidents. One of the most effective ways to combat the perils of today’s cyber-threats is to gain a better knowledge of the threat vectors looming over the heads of organisations. More
Story image
High-tech heist: why fending off ransomware attacks is more challenging than ever in 2020
The COVID-19 crisis has unleashed a wave of sophisticated and disruptive ransomware attacks, and the onus is on businesses to ramp up their security measures if they’re to avoid falling victim, writes Attivo Networks regional director for A/NZ Jim Cook.More
Story image
Gartner predicts 75% of CEOs to be liable for cyber-physical security incidents by 2024
The nature of CPSs means incidents can quickly lead to physical harm to people, destruction of property or environmental disasters – and Gartner’s new research indicates that these incidents will increase drastically in the next few years if the lack of spending on these assets continues.More