Take Five: Keysight’s CISO Discusses Cybersecurity’s Past, Present, and Future
Scott Behm, Keysight's CISO
This interview is excerpted from Keysight's Geek-to-Guru Guide: Offensive Network Security
Security is a journey, not a destination. Between new technologies, emerging threats, and seismic shifts in the cultural landscape, nothing stays static for long. In that spirit, we caught up with Scott Behm, Keysight’s chief information security officer, to get his take on leading enterprise security teams, how 2020 shook things up, and what the future may have in store.
If we could rewind the clock two years, what could the IT world have done to better prepare for the diversity of risks offered by 2020?
2020 did indeed deliver the IT and cybersecurity community a diversity of trials and associated risks. Defending against increasingly sophisticated threat actors while addressing the people, process, and technology challenges associated with enabling effective and secure remote work almost overnight has definitely been interesting. On a positive note, we have all learned new ways to innovate and deliver. In some cases, we have yielded results even better than before.
As they say, hindsight is 20 / 20. In 2020, the IT world has proven its resiliency — and, overall, done well at enabling organizations to get the job done under extreme circumstances. Many lessons were learned along the way, and it most certainly wasn’t the same journey for all. Looking forward, a greater focus on scenario planning for unthinkable crises will help us better future-proof our institutions and interests.
If you learned tomorrow that you were the victim of a ransomware attack, what’s the first thing you’d do?
As you know, ransomware attacks — if successful — can have a major impact on their intended targets. As such, it is imperative that companies prepare using tabletop exercises, coordinated blind simulations (making participants believe it is the real thing), or purple team exercises to test not only their response but their ability to detect.
At Keysight, if we discovered or otherwise learned that there were indications of a ransomware attack, the SOC [security operations center] would immediately enact the ransomware playbook. The designated incident commander would begin coordinating communications with both responders and business stakeholders. Concurrently, the SOC would work to understand the scope of the attack, so appropriate containment and mitigation procedures begin as soon as possible.
What role do you think artificial intelligence (AI) and machine learning (ML) play in cybersecurity? What role can they play in the next five years? Do you think offensive use of ML will offset potential gains in security?
Artificial intelligence and machine learning are indeed starting to play a role in cyber defense. Today, AI / ML is helping in two areas...