In the face of escalating and intricate cybersecurity threats, it’s crucial to reevaluate our approach to defense. The question isn’t just where to begin, but rather, why embark on this journey? As technology grows exponentially — think Moore’s Law, which posits microchip capacity will double every two years — it brings both advancements and vulnerabilities, making our outdated cybersecurity defenses inadequate.
The starting point lies with us — the users operating computers connected to networks. While often considered the first line of defense, we are also the primary vulnerability. As employees and consumers, safeguarding our credentials is paramount, as compromised credentials jeopardize both personal and corporate assets. Our reliance on technology spans public and private sectors, evident in incidents like the SolarWinds and MOVEit attacks, revealing vulnerabilities along the supply chain.
Sophisticated phishing attempts, often augmented by artificial intelligence, seek to deceive users into surrendering their credentials, rendering billions invested in cyber defense useless. Instances like the Ukrainian power utility breach in 2015 and the more recent 2022 Viasat hack underscore the significance of credentials in breaches.
To counter these threats, regular cybersecurity training is essential for organizations and individuals, fostering awareness of these dangers. Multi-factor authentication (MFA) emerges as a robust solution, requiring an additional layer of verification beyond passwords. Despite initial reluctance, MFA gains traction due to its effectiveness.
Devices connecting to networks represent the next battleground. Prompt patching is critical as new vulnerabilities and attacks surface. Zero day attacks exploit new or modified versions, necessitating immediate application of patches.
However, a paradigm shift is essential. Zero trust principles dictate a shift away from implicit trust in our cybersecurity architecture. Traditionally, we’ve assumed trust throughout the defense system, allowing authorized entry based on credentials and defined access. Adopting zero trust means verifying every access request, considering no entity inherently trustworthy.
Transitioning to zero trust demands a strategic approach. Recognizing the value of reduced vulnerabilities and incidents is crucial in advocating for change. Developing a transition strategy with well-defined goals, including cost considerations, is imperative. Change management becomes pivotal in convincing stakeholders of the necessity of zero trust, addressing concerns and hesitancy. Resistance may arise from a reluctance to alter existing systems or a perceived threat to careers.
While initial defense strengthening involves cybersecurity awareness, MFA, and device patching, the future lies in embracing zero trust principles. As technology evolves, our defenses must evolve too. By challenging traditional notions of trust and overhauling our cybersecurity approach, we can effectively mitigate the ever-growing risks of cyber threats.
David Cagigal is currently serving as a Board Member of the Wisconsin Cyber Threat Response Alliance (WICTRA) and as a CXO Advisor for Zscaler as well as an Executive Member to the State CIO Council for Ridge-Lane LP.
David Cagigal was appointed CIO for the State of Wisconsin in November 2012. As the CIO, he also serves as Division Administrator for the Division of Enterprise Technology (DET). DET manages the state’s IT assets and provides technology to state agencies such as computer services, voice-data-video telecommunications, and print and mail services. David retired June 2020. While as the State CIO, he collaborated with more than 30 Agency CIOs to implement an enterprise ERP (Oracle – Peoplesoft), consolidate all agency data centers into a single enterprise data center as well as improve broadband connectivity throughout the state to more than 760 state offices, local government, 425 K-12 School Districts, 350 libraries and influencing providers to connect the citizens of Wisconsin. David was also instrumental in improving cyber defenses in state and local government. He worked extensively with the Wisconsin National Guard, National Governor’s Association (NGA) and the Department of Homeland Security – CISA to protect 16 Critical Infrastructure/Key Resource Sectors. He also initiated the formation of Wisconsin’s Cyber Response Teams to address cyber threats and attacks. David was also the Chief Information Officer for Alliant Energy from 2004 to 2011 serving electric and gas customers in Wisconsin and Iowa. David has held executive IT positions at DeVry University, DePaul University, Maytag and Amoco.
Leave a Reply
You must be logged in to post a comment.