Grabbing the Cybersecurity and Privacy Problems by the Horns: ECT News Roundtable, Episode 3

Cybersecurity and privacy threats aren't confined to the tech world. They've cast their pall on the world in general. Computer viruses, malware and data leaks have become commonplace, personal privacy has become a bad joke, and cyberwar looms like a virtual mushroom cloud.
What sometimes gets lost in the gloom are the many ways security professionals have been working to shore up cyberdefenses and rebuild some semblance of personal privacy. ECT News Network's roundtable of technology insiders recently discussed some of the progress in cybersecurity and privacy protection, and while they may not have settled upon any overarching solutions, they did identify several rays of hope.
Taking part in the conversation were Laura DiDio, principal at ITIC; Rob Enderle, principal analyst at the Enderle Group; Ed Moyle, partner at SecurityCurve; Denis Pombriant, managing principal at the Beagle Research Group; and Jonathan Terrasi, a tech journalist who focuses on computer security, encryption, open source, politics and current affairs.

STRENGTHENING CYBERSECURITY

Advances in deep learning and other technologies offer some hope for identifying and eradicating cybersecurity risks before they can do irreparable damage, but most of the remedies our panel mentioned involve human behavior.
The main building blocks for shoring up the cybersecurity walls are increasing competence, adjusting priorities, working together, establishing accountability and taking government action, they said.

Closing the Skills Gap

Security professionals should look inward for the best opportunity to make sweeping improvements, suggested Moyle, who advocates establishing a license to practice, similar to a medical license.
"This is controversial and arguably wouldn't help the skill shortage," he acknowledged. "That said, a good 70 percent of those in the profession should be doing something else due to fundamental lack of skill and/or willingness to stay current."
Though she didn't specifically call for a licensing requirement, DiDio said that "corporations need to get the appropriate level of security training for their IT and security administrators, do vulnerability testing at least once a year, and stay up-to-date on all software and patches."
Training probably shouldn't be limited to building a more qualified army of cybersecurity professionals, however.
The one thing that could have the most dramatic positive impact on cybersecurity overall is end user training, according to Enderle.
"Users are still the most likely cause of a breach," he pointed out.
"At the end of the day, end users themselves constitute the biggest threat and undermine security more than the hackers," DiDio agreed.
"Companies need to provide security awareness training for their end users to make them aware of the latest email phishing scams, CEO fraud, malware, ransomware, and viruses that are making the rounds," she said. "You have to change the attitudes and the mindsets of people so that they think before they click on a potentially bad link."
