
Most companies are aware of how important sound cybersecurity practices are today, but in many cases, businesses have to tailor their strategies around protection and recovery from attacks. International Business Times talked with Mike Kail, chief technology officer at CYBRIC, about current cybersecurity trends and the upsides of taking a preventative and "cultural" approach towards security and protection.

CYBRIC lets companies develop replicas of their application environment and scans those replicas repeatedly for potential vulnerabilities. Prior to joining CYBRIC in 2015, Kail held senior executive roles at companies including Yahoo and Netflix, where his work included a focus on information technology operations.

IBT: For companies concerned about cybersecurity dangers, what hurdles have they typically run into when it comes to putting sound practices into place?

Kail: One of the biggest hurdles unfortunately tends to be cultural, not technological. Security is still too often viewed, and often presented, with a veil of mystery and fear, or, worse yet, not properly prioritized.

Another challenge is that security tools and initiatives are tactically “bolted on” at the end of a given project instead of being integrated into a given initiative at the onset. Lack of clear communication around the ‘why’ of the security practice instead of just focusing on the myopic ‘how’ is another area that trips many companies up.


IBT: With CYBRIC's work, what are the difficulties and benefits of taking a preventive approach towards cybersecurity for a business?

Kail: Once again, one of the main challenges that we’ve seen is cultural, where many times there is an inertia of “because that’s the way we’ve always done things” and/or “we’re not ready yet.” The preventative approach also initially requires strong collaboration between the lines of business and the security team, which is what we talk about with the term ‘DevSecOps’.

The upsides to seamlessly embedding security into areas such as the Software Development Life Cycle are finding vulnerabilities and defects early on in the process (“Shifting Left”) as well as continuous visibility into the company’s security posture and increased resiliency.

IBT: What’s one cybersecurity issue that businesses should be paying attention to?

Kail: I think viewing cybersecurity issues as single areas of focus is a large reason why we continue to see so many breaches. The tactical ‘whack-a-mole’ approach to security results in siloed efforts that have limited visibility. Security needs to be approached and implemented as a strategic framework that is continuously evolving and monitored.

“Ticking the box” on risk and compliance measures is an incorrect way of approaching security resiliency. Hackers are attacking enterprises continuously from numerous vectors, and we need to take the same approach and start playing offense in addition to defense.