Merritt Group Blog

4 CyberTalks Lessons Worth Talking About

Last week, CyberScoop hosted the first annual D.C.-based CyberWeek, including dozens of events spread across the D.C., Maryland and Virginia area. The anchor event, CyberTalks, featured speakers from government and industry alike, spreading the message that all cybersecurity experts and decision-makers must collaborate on issues that threaten our government. Among predictions and possibilities, case studies and consequences, these are the four lessons that stood out:

Lesson 1: There are No Hackers, Only Spies
Sorry James Bond, but your days in the spotlight are numbered. The times of spies traveling the world to unearth secrets are behind us. Instead, today’s spies sit behind computers and use technology to reach individuals who possess the secrets they hope to unveil. During last week’s CyberScoop CyberTalks, Eric O’Neill, Carbon Black’s national security strategist and the man responsible for taking down FBI traitor Robert Hanssen, explained that hacking is simply the necessary evolution of espionage.

When you get an email from an unknown address, do you click to check it out without any “screening measures” like those you would typically take for a call from an unknown number? Chances are, the answer is yes. Within this email could lie malware, a sophisticated phishing attack or maybe nothing, but you don’t know which when you click on the message in your inbox.

Hackers, or modern-day spies, are increasingly leveraging this understanding of human behavior as a way to insert malware into a system and create a virtual espionage platform.

Lesson 2: Passwords are Dead
There are two types of passwords in the world:

  1. Password123
  2. The “Forgot Password” button

We have become increasingly reliant on passwords to secure our most important information — bank accounts, social media platforms, company documents and more. However, popular, easy-to-remember passwords like “Password123” leave us feeling just about as confident in our security as we are in the D.C. sports program (sorry, Redskins!).

With this in mind, expert after expert emphasized the need for stronger authentication. Chris Niggel, director of Security and Compliance at Okta, explained that passwords provide insufficient security on their own.

“Passwords are the evil truth,” said Amit Yoran, CEO of Tenable, in the opening remarks of the day, setting the tone for conversations to come.

Lesson 3: One of the Biggest Challenges in Cyber is the Workforce Shortage  
The 2017 Global Information Security Workforce study projects that the cybersecurity workforce gap is on pace to hit 1.8 million by 2022, and the drastic shortage is already causing challenges among intelligence agencies like the Federal Bureau of Investigation.

“We have a significant portion of our agents and investigators that are not equipped, what you could probably call not tech-savvy, that are not going to be much help when it comes to the technical side of an investigation,” said Howard Marshall, deputy assistant director of the bureau’s cybersecurity division. Although it will take time to overcome this skills gap, Marshall explained that by getting students engaged in STEM programs young, through a nationwide pilot program targeting high school students, the bureau is helping shape the cybersecurity industry of tomorrow.

Lesson 4: Cyber Pros Deserve a Thank You
A Google search for “cybersecurity” yields over 30 million results, most of which highlight the devastating attacks that plague businesses and consumers. However, the number of articles praising security professionals is far lower.

The world of cybersecurity can be an unfortunate one. You rarely make the news for a job well done. Decades of smart cyber hygiene get thrown away as soon as a breach takes place. Reputation, customer trust and peace of mind can disappear in an instant. With this brutal status quo, security professionals are often left unknown and underappreciated. It’s important to thank these pros, because when the work they do every single day goes unnoticed, that means they’re doing their job correctly.

As Yoran said in his keynote, “Security is an incredibly thankless profession, but the work that you do is incredibly important.”

Cara LaMaina and Katie Pesek wrote this article.