By Jalen Chin, Guest Contritbutor
As the world becomes increasingly technology oriented, information continues to become digitized. However, with the increased use of technology, such as mobile devices, there will be more entry points at which confidential data can be compromised. Julie Cullivan proposes that we need to find a way to balance the risks and capabilities/benefits when using technology in our everyday lives.
Cullivan discloses a couple of startling facts to the audience in regards to the impact of digital security breaches. One of the most interesting facts suggests that the median number of days it takes an organization to detect that their data has been breached is 99 days. This means that for 99 days there was somebody in your environment causing business disruptions or stealing confidential data without being noticed. Cullivan states that the America’s are doing better in terms of bringing that number down, however half of the time a company does not even know that they have been compromised. In most cases, somebody has to knock on an organization’s door to let them know they have been breached. Cullivan then emphasizes that security needs to be thought about at the beginning, not left until the end of operations.
According to Cullivan, the most prominent reason for breaches is due to financial purposes. Hackers are becoming more advanced in their approach and infrastructure. For example, it is common for hackers to email CEOs of organizations to get them to follow through with a transaction as soon as possible. Financially motivated attackers are looking for emails or any documents that can influence the stock market, as an example. Cullivan talks about Ransomware continuing to be a big problem amongst organizations. Although the financial reward is not significant, the disruption it can cause for an organization is real. An interesting quote that Cullivan brings up in regards to attack trends says, “Less Smashy, More Grabby”.
Cullivan identifies the underlying meaning of the quote as insinuating that attackers don’t care about an organization knowing that they were in the organization’s network, rather they are more interested in “grabbing” as much information as possible. Furthermore, hackers have become increasingly deceptive and better at covering their trails.
Cullivan advises that organizations put in a proper set of policies and programs to ensure organizations are thinking of security. There needs to be a security culture in place through all levels of an organization and the culture should not only be about annual security training, it should be an ongoing process. As mentioned earlier, Cullivan believes that security should be embedded early in the process. An organization’s board of directors needs to know the basic security questions to ask in order to ensure that the organization is doing the right things in terms of securing their information. In addition to the members in the upper organization hierarchy, employees underneath can open up the organization to significant risk as well, due to negligence. Therefore, Cullivan believes there should be visibility across the entire landscape. Organizations should have the ability to see what is going on within the organization, as well as what is going on outside the organization’s network. The visibility premise rests on the idea that you cannot protect or remediate what you don’t know. If you are not aware, there is nothing you can do about security breaches.
The presentation then lead to Cullivan discussing important organization practices that can lead to improved security. Cullivan was of the opinion that it is essential for organizations to practice good cyber security hygiene. Hygiene is how an organization keeps up with the constant need to be patching and understanding vulnerabilities within the organization. There needs to be a method of prioritizing and understanding what is important. If you try to tackle everything at once, nothing will be accomplished. Furthermore, the more you segment your network, the better. It is also important to test your plans to ensure everything is functional before a security breach actually occurs. Cullivan then stated that it is important to leverage threat intelligence. There is no shortage of information and alerts coming at you, so it is vital for organizations to focus on applying contextual intelligence onto it. This helps an organization to generate understanding of how to investigate. If there is no understanding of who is behind the attacks, Cullivan suggested that an organization understands what is going on in their community and the world so they can proactively look at that particular activity in their organization’s environment. Cullivan emphasized that organizations should be proactive. Enough information is out there to make you more alert and knowledgeable about security threats.
Lastly, Cullivan believed organizations should invest in expertise. In the next few years there will be over 1,000,000 security jobs that will struggle to be filled. It is important to grow your own expertise, but organizations should also establish the right partnerships as a backup option to aid in times of need. You do not have to build all the security infrastructure by yourself.
For a recap of Julie Cullivan’s presentation, she has given permission to share her slide deck with CIOCAN members. It can be accessed when you are logged in to the CIOCAN website, under Rescources – Presentations from Past Events. If you attended the CIO Peer Forum, are not a member of CIOCAN and would like to access the presentation, please contact firstname.lastname@example.org.
Jalen Chin is a student at University of Alblerta and we are grateful to have had him with us at the CIO Peer Forum 2017 in Edmonton as a volunteer. We thank him for his time and commitment.