SecurityWeek CISO Forum, Presented by Intel

Over the next few years, we should expect to see attackers refine and mature their capability to drive outcomes that result in the *inability* for us to recover from an attack, i.e., irreversible attacks. We already are seeing evidence of this now through ransomware (irreversible attack on the availability of data), wikileaks (irreversible attack on the confidentiality of data), #fakenews (irreversible attack on the integrity of data). To proactively address this trend, we need to be in a position to make such attacks irrelevant by being able to conduct irreversible attacks against ourselves (e.g., Chaosmonkey) and design systems so that we can continue our business functions unimpeded. This session articulates the compelling need for us to consider new, business-aligned design patterns that enable us to have systems that are fully resilient against destructive/irreversible attacks and why we need to seriously consider pivoting to this approach within the next five years to survive. I'll also discuss the implications for our industry and our profession. I will also reveal a new set of concrete measurements and metrics that enable us to focus on true solutions and not just an never-ending list of vulnerability and patching metrics.