Cyber security in the future depends on education -- education not only inside an organisation -- but I believe we need to drive cyber security education into our culture through education programs in schools, community groups, and even for parents and grandparents who use computers and the Internet more and more.
We need to make sure we teach security at a grass roots level so that kids coming through school are prepared for the complexities of cyber security and it becomes second nature both at home and in the workplace.
Q: In today's always connected world, where are the biggest source of threats to enterprise security?
Sentonas: I believe that one of the biggest challenges in security today is an internal one, specifically the challenge in managing an internal network and the users inside that network with decreasing visibility and management.
So much focus is placed on increasing external threats. Whilst they are absolutely real, I don't think we should be focusing on what percentage increase there is in Android malware, or how many new viruses are released per second.
Whilst that information is important, I think organisations have a bigger challenge knowing what is going on inside the network, specifically having visibility on what devices are connecting, what vulnerabilities and threats are inside the network and what processes are in place to manage the organisation. We also need to consider that the adversary has an advantage from a speed perspective and from their single focus to attack our networks.
Organisations need to evolve their internal security and solve a visibility challenge from a defence perspective, given that most of the solutions they use work in silos which means they don't share any threat intelligence with the rest of the organisation and security infrastructure.
The inability to share information and capture visibility across the organisation undermines an organisations ability to evolve and adapt to changing threat landscapes. To solve this visibility challenge we need to build what I would call orchestrated defences, which is made up of solutions that share what they have learnt about every event and attack on the network to better mitigate the threats facing us moving forward.
Sign up for CIO Asia eNewsletters.