IDG Contributor Network: Stop playing “whack-a-mole” with your security

As security threats become more prevalent across organizations, solutions must have buy-in across the enterprise – not just within the IT department. Equally importantly, organizations must stop addressing problems as they emerge and start being more proactive about undermining those problems before they cause damage.

Those were the key takeaways in a presentation by Parisa Tabriz, a director of engineering from Google. Tabriz spoke at the August Black Hat US 2018 conference in Las Vegas. In the session, the underlying theme was that security professionals must do whatever they can to incentivize firms to make better and more secure products.

It’s surprising, but there are a mere 20 or so companies in a position to influence us globally because they make the operating systems, mobile devices and so on that we all use and rely on. Those companies, therefore, are truly the only ones in a position to influence the direction of security that will affect billions of people.

To that end, Tabriz explained what Google is doing to improve security. She used the analogy of security experts playing the carnival game “Whack-a-Mole,” responding to threats only after they’ve emerged. Real progress comes from a more collaborative, and strategic approach to defense. She recommended three ways forward: