What’s Changed (and What Hasn’t) in Cybersecurity

davidmeredith

What’s Changed (and What Hasn’t) in Cybersecurity

 Quick quiz: In what year was the following news bulletin published?

“Security experts are dealing with a virus that is spreading quickly through Windows operating systems… In a twist by virus writers, an email in wide circulation that offers a ‘fix’ actually infects the user’s computer with a different virus.”

Sounds like it could have been in the news yesterday, but it’s actually from 2004 — which illustrates what hasn’t changed in cybersecurity. Such security threats continue to abound. What has changed is the landscape in which those threats are launched. In 2004, few companies had adopted cloud computing. Today most organizations are striving to operate — and to secure —multiple public and private clouds, not to mention colocation environments, legacy on-premise systems, and hundreds of databases and other applications. As one of the leading providers of modern IT as a service, Rackspace is investing more than ever in technology and expertise to serve the rising need for multi-cloud security, which we address through a robust portfolio of managed security services, including Proactive Detection and Response, Compliance Assistance and Privacy and Data Protection, plus our recently launched Quickstart Solutions. As part of that commitment, we also strongly support National Cybersecurity Awareness Month, held each October since that news bulletin at the top of this post was published in 2004. Even after 14 years of raising awareness, the need for cybersecurity education is more urgent than ever. For example, spearfishing attempts have become increasingly sophisticated. One recent attempt appeared to be sent from a known contact, containing a link to a page with what looked like an Outlook login page, pre-populated with the recipient's email address and a space to enter a password. Fortunately, our internal security team blocked the attempt, as it does on a regular basis. Launched by the National Cyber Security Alliance and the U.S. Department of Homeland Security, Cybersecurity Awareness Month emphasizes “our shared responsibility”:

“Everyone has a role in securing their part of cyberspace, including the devices and networks they use… If each of us does our part — implementing stronger security practices, raising community awareness, educating young people or training employees — together we will be a digital society safer and more resistant from attacks and more resilient if an attack occurs.”

At Rackspace, that’s a sentiment we strongly support. We build the latest cybersecurity tools and compliance measures into our entire managed IT portfolio, including our services for customers who use the world’s leading private clouds (VMware, OpenStack, Microsoft), public clouds (AWS, Microsoft Azure, Google Cloud Platform, Alibaba Cloud), managed hosting and colocation. Even more important than tools, however, is the value of human expertise, and Rackspace has made that a central differentiator of our services. Rackspace security experts — including many recruited from U.S. and British military and government cybersecurity teams — are actively hunting for threats inside our customers’ environments in our 24x7x365 Customer Security Operations Center, while additional teams do similar work in our internal systems. “Pre-approved actions” agreed upon by the customer, allow analysts to move quickly, without the delay of additional notifications, when certain urgent threats or suspicious activities are detected. [Learn more: Taking a Page from the Hackers’ Handbook: The Power of Human Expertise] We serve more than 140,000 customers in more than 150 countries, including a majority of the global enterprises in the Fortune 100. We learn from, and share what we’ve learned with, their security teams. And, as members of the Cloud Security Alliance, we take part in regular threat intelligence exchanges with the biggest technology companies in our industry. As part of Cybersecurity Awareness Month, Rackspace experts will be speaking at an event in San Antonio open to those working in the industry — and those who’d like to be, the Texas Cyber Summit, Oct. 12-14. Rackspace Senior Director of Information Security Operations Daniel Clayton and Joshua Zganjar, senior security analyst and team lead, will be among the featured presenters, offering their take on the latest developments in cybersecurity, including topics like threat hunting, along with a look into a day in a life of Rackspace security analysts. The event also includes a career fair, where we’ll be recruiting for new members of our growing security team. A related event will be held at Rackspace headquarters on Oct. 24. RiskIQ is hosting a Threat Hunting Workshop, “designed to introduce security analysts, incident responders and SOC personnel to new methods and new threat datasets [so they can] investigate attacks more quickly and thoroughly.” I also recommend tuning into the weekly Twitter chats from STOP. THINK. CONNECT., the global online safety awareness campaign working to help citizens stay safer and more secure online, launched by the National Cyber Security Alliance and the Anti-Phishing Working Group. As Rackspace CEO Joe Eazor frequently notes, “the multi-cloud trend offers users great power and agility, but also confronts them with great complexity.” Nowhere is that more evident than in the challenge of securing multiple infrastructure environments and applications. Learn more about how Rackspace can help you meet that challenge, or reach out to one of our cybersecurity experts. Explore, learn and engage with Rackspace cybersecurity experts by visiting the Rackspace Security webpage.