Hacks are no laughing matter. The U.S. government and the American population have lost billions of dollars as a result of IT system hacks. The threats come from all angles – insiders, thieves, terrorists, and your run-of-the-mill bad guys. Cybersecurity is not just a national issue – it’s a national battle. And it’s certainly been in the news a great deal lately. However, maybe the ideas we have about cybersecurity and how to manage it aren’t totally up to date.
In this month’s DorobekINSIDER Live, “Don’t Get Hacked: Tips for Combating Cyberthreats”, Christopher Dorobek sat down with some cybersecurity experts and debunked some of the common notions floating around about how to prevent cyberattacks.
The panelists were:
• Bob Gourley, Partner and Co-Founder of Cognitio Corp. and Editor of CTO;
• Karen S. Evans, National Director of US Cyber Challenge (USCC);
• Alan Paller, Founder and Research Director of SANS Institute;
• Hannah Moss, Writer and Research Analyst here at GovLoop.
First, Moss gave us the background on cybersecurity and its current state in the U.S. Everyone’s certainly talking about cybersecurity, but what does it mean for government agencies? Moss explained that it differs from organization to organization. In the recent GovLoop guide, “Securing Government: Lessons From The Cyber Frontlines”, Moss, the author, gave case studies from ten government agencies on mitigating cyberthreats in new and innovative ways. Download this loaded guide for the full scoop here.
So, what’s the real story behind cybersecurity, according to our experts?
Evans explained that, contrary to the common mantra in government and beyond, we have enough money. She insisted that the issue is directing resources to the correct places, not generating new funding.
Cybersecurity is not a small problem, and to develop a strategy to deal with it, we have to take it more seriously than we currently do. Paller warned the audience never to underestimate the extent of infiltration. Government websites and government data are already compromised, to some degree. The task now is to tread carefully within our current systems, mitigate the detrimental effects of the breaches, and ensure that further infiltrations don’t occur.
Also, it’s not necessarily the fancy or complex changes that need to be made, according to Evans. Rather, small, seemingly simple, everyday habits need to be adjusted to promote security. This may include tasks like securing logins or embedding emails.
Additionally, we always hear that there are major improvements to be made in hiring and training cybersecurity professionals. But maybe that’s not the case, according to the panelists. Especially in an environment where there are outside stakeholders, namely government contractors, it’s not possible for the government to ensure that everyone who interacts with its IT systems has gone through the highest level of cybersecurity training. When the government uses what Paller called “rock-bottom” priced contractors, there’s no way to ensure that the quality of IT training is perfect.
Another idea they debated was information sharing. Information sharing is commonly thought of as a good thing, but the panelists agreed that it is perhaps not as great as everyone thinks. Paller explained that one of the most frustrating things is to have the shared information but no way of implementing or using it. Information sharing, Evans added, is an overused phrase – like accountability or transparency, in her opinion.
According to Gourley, cybercriminals, or the “bad guys,” are creative. Each time, they come up with a new tactic to infiltrate the system. Cybersecurity in our country has evolved and grown more complex since as far back as the Civil War (yes, telegrams could be hacked!), which goes to show just how much cybercriminals keep up to date with – or one step ahead of – the government’s systems.
The panelists concluded by leaving the audience with one recommendation – go to GAO.gov and read the reports on cybersecurity. They have a wealth of resources, as the GAO has taken data from government agencies on their cybersecurity practices, successes, and failures, and that data can help you do your job better – and more securely.
Missed it live? Listen to the entire recorded event here.