Forcepoint CEO Matt Moynahan says the cybersecurity industry’s focus is flawed.
According to Moynahan, way too much time and effort has been spent on securing technology stacks. If the security paradigm is to change, there must be more effort placed on modifying people’s behavior when they use technology.
“We have to shift,” Moynahan said at the Cybersecurity Leadership Forum, presented by Forcepoint and produced by CyberSoop and FedScoop. “Shift our programs, our policy approach, to start thinking about people and data, and not necessarily infrastructure.”
Moynahan told a crowd in Washington, D.C., Wednesday that the concentration on endpoints and networks has failed to take into account that people — both regular users and nefarious ones — modify their behavior as new tech emerges. This focus has led to the escalating problems the industry has seen today, with breaches exposing people’s personal information and nation-states using the Internet to cause worldwide havoc.
“The current approaches feel pretty antiquated to me,” he said. “It’s bizarre that we started with the network, and the endpoint, and all these artifacts, as opposed to going right to the identity, and thinking about how do we manage that and the things [users] do on the network.”
A big part of Moynahan’s reasoning is due to the continued use of phishing to obtain access to enterprise networks. Numerous studies have shown that phishing schemes are constant despite the concerted efforts to educate users or solve the problem with a piece of software.
With nation-state hackers using phishing schemes that target both the public and private sector, Moynahan says focusing on behavior patterns could stop these sorts of attacks before they cripple an enterprise.
“It really all comes down to behaviors and understanding the identities that are on your network,” Moynahan told CyberScoop. “If a nation-state breaks into a facility, that behavior should jump out. It shouldn’t require something to get exfiltrated outside of an organization, or for it to hit the newspapers or some other source of public information, to make us aware that something bad happened, which is typically still how it happens today.”
Moynahan ultimately believes that once a shift in thinking in complete, the onus of understanding and limiting an enterprise’s risk profile will become considerably easier.
“Behavior, if you understand it properly, can help with a lot,” he said. “Far more than a box trying to catch malware or trying to patch some DevOps environment that you are never going to be able to successfully do. The power of this is profound.”