Protecting the seams

Dealing with the threat of cybercrime

by Kevin L. Jackson, CEO & Founder, GovCloud Network

The low startup costs and huge profits associated with cybercrime have resulted in a thriving industry, and no company is safe from its reach. An Accenture report estimates that businesses could incur up to $5.2 trillion over the next 5 years in additional costs and lost revenue due to cybercrime “as dependency on complex internet-enabled business models outpaces the ability to introduce adequate safeguards that protect critical assets.” The root cause of this trend lies in the proliferation of dispersed networks, an explosion of data, disparate technologies, and complex security operations.

This seemingly untenable situation often leads to wide gaps or “seams” in enterprise security processes and procedures. Cybercriminals will gleefully exploit those seams and take as much as they can. This was also the topic of what I found to be the most important session of my RSA Conference 2019 experience. This panel, moderated by Javvad Malik, Security Evangelist for AT&T Business, featured:

  • Danessa Lambdin, VP AT&T Cybersecurity, AT&T Business
  • Jaime Blasco, VP & Chief Scientist, Alien Labs, AT&T Cybersecurity
  • Russ Spitler - AVP Product, AT&T Cybersecurity
  • Fredrick Lee, CISO at Gusto
Protecting the Seams2

Appropriately named, “Cybersecurity Is All About Protecting the ‘Seams’” the panelists discussed the challenges of and solutions for protecting seams.

Fighting cybercrime requires a coordinated and collaborative approach orchestrating best-of-breed people, processes, and technology. It also requires an understanding of the multiple business challenges presented by changing business environments and the evolution of cybercrime. Understanding and insight into these issues must lead to a focused program targeted at correcting any organizational security shortcomings. The program must also execute an appropriate change management process designed to help adapt an organization’s people, processes, and technologies to defend discovered “seams” in a company’s security.

Danessa Lambdin noted that “effective programs begin with an open and honest assessment process capable of addressing security essentials with a multi-layered approach.” She continued saying that business objectives must be evaluated within an appropriate regulatory and legal context. Enterprise systems and applications must also be scanned and evaluated to identify penitential exposure or vulnerabilities. Following this assessment phase, viable and worthwhile initiatives must be prioritized and appropriately funded. With an eye towards maximizing security investment ROI and unifying business and IT stakeholders, an enterprise-wide security strategy should then be crafted. Backed by a defendable prioritization model for implementation of security initiatives, the budget optimization process would follow. This journey to protect the seams would reach the final milestone with the deployment of all necessary and optional security controls. This approach will enable the effective implementation and operation of security processes and technologies into a virtually seamless operational function.

This approach will also help organizations abstract the management of individual security products. This automates security system deployment and ongoing operations, enabling them to be operated as a single unified solution.

The new AT&T Cybersecurity division, first announced at the RSA Conference 2019, can enable this process for any business by delivering a platform that uses the technical capabilities and reach of AT&T Edge-to-Edge IntelligenceSM technologies. This offering delivers solutions as on-demand digital services optimized to help protect customers through their own digital transformation journey. At the heart of this capability is a tight collaboration between industry-leading Chief Security Organization by AT&T and AT&T Alien Labs threat intelligence. The combination of Open Threat Exchange now curated by Alien Labs and the incredible breadth and depth of threat intelligence by AT&T has created one of the world’s leading threat intelligence platforms.

For additional information on each of these process steps, see: