Partner Q&A – Head of Orca Tech on staying ahead of dynamically changing attack surfaces

How can organizations find clarity amid chaos?

Skybox Security has partnered with Orca Tech, a cybersecurity and analytics distributor covering Australia and New Zealand, whose expertise recently saw them place fourth in the Deloitte Technology Fast 50 2020. Skybox Vice President of APJ Shantanu Srivastava sat down with Orca Tech Managing Director Craig Ashwood to gain his perspective on the current state of play for cybersecurity.

Shantanu Srivastava: 2020 was a year of massive disruption for businesses. At the onset of lockdowns, we saw the emergence of a distributed workforce. This, in turn, accelerated digital transformation and led to rapid cloud and SaaS migration. From your perspective, how has this change affected security strategies?

Craig Ashwood: From a broad view, change barriers and procrastination were previously the biggest issues standing in the way of SaaS and cloud. The pandemic virtually eliminated these barriers. In the blink of an eye, organizations had to pivot under immense pressure to tackle unknown challenges. Suddenly, the risk of doing nothing far outweighed the risk of moving to SaaS and cloud. In response, new security strategies needed to be created, with existing plans altered and accelerated.

Owing to the rapid pace of change, there’s no doubt that mistakes would have been made. Equally, there will be some firms who acted too cautiously. Strategies need to evolve continuously. This has been particularly true over the last year. But one thing’s for sure: automation and meaningful risk-based visibility will play a key role in this evolution.

SS: The landscape is also continually evolving. For example, supply chain risks are increasing in profile. How concerned are you about these risks?

CA: The recent SolarWinds breach shone a light on just how many attack and compromise vectors could be lying dormant. Now, supply chain risks will be a top concern for everyone. The move to cloud and SaaS that was accelerated during the crisis will have brought with it more in-depth thought about their platforms that could be compromised. They know they can’t assume that cloud and SaaS-based platforms are inherently secure, and they know that they need to be able to build strategies that enable them to respond to these risks through automation and other tactics quickly.

SS: You mentioned automation – do you think this has now moved beyond a “nice-to-have” for most organizations?

CA: Automation is no longer an option in today’s environments. Security teams cannot scale to manage increased risk. We work with companies that have millions of alerts every day. If you have no risk-based approach to automation, how do you manage that? Do you just wait for something to happen and then go and investigate it? Or do you find a way to filter through the noise and prioritize action with a risk-based approach? Automating a lot of decisions within the business is no longer just beneficial: it’s necessary.

SS: Change isn’t unique to the last year. It’s a constant in cybersecurity. How have you seen the CISO’s role change over the last decade?

CA: Ten years ago, the CISO was managing a known, or quarantined, environment. Today’s environment has so many more layers. Particularly now that remote workers are introducing a large number of new ingress and egress points and an increasing volume of third-party components are being introduced to the corporate environment. Complexity over the last few years has grown exponentially. There is so much to manage. The CISO needs the clarity of a risk-based approach to improve risk posture.

SS: Finally, how does the Skybox platform fit into your distribution strategy?

CA: Security posture has become a top priority for Australian companies for a variety of compelling business reasons, including Prime Minister Scott Morrison’s recent warning that ongoing sophisticated cyberattacks are targeting the government. Skybox Security not only helps organizations comply with local regulations, such as APRA’s Prudential Standard CPS 234 – it enables organizations to quickly map, prioritize and remediate vulnerabilities to stay ahead of their ever-expanding attack surfaces.

Skybox Security’s risk-based approach to network security management, vulnerability management, and threat management adds another complementary dimension to our vendor portfolio. Security teams have to deal with a lot of noise, as well as increasing workloads. If we can provide them with the means to quickly understand which threats pose the greatest risk and what to do about them – that’s extremely valuable.