What keeps cybersecurity and business executives in the US awake at night is the ever-increasing attack surface they must deal with every morning when they wake up.
This factoid was revealed in a brief poll conducted during a panel session on cyber warfare at the "Securing Our Critical Infrastructure" conference, a National Cyber Security Alliance (NCSA) and NASDAQ Cybersecurity Summit. Those in attendance were asked what their greatest cyber-security worry is, and the growing attack surface barely nudged out nation-state attacks as the leading reason for losing sleep — a point agreed upon by the four panelists.
When moderator and NCSA Executive Director Russ Schrader asked what some of the contributing causes of this concern were, the panelists all said it boiled down to people, including a lack of trained staff and the fact that people are often the cause of an organisation’s cyber-problems.
Tony Thomas, senior principal engineer at the National Rural Electric Cooperative Association, noted that there are thousands of utilities in the US manned by many information technologists and many engineers, but very few who cross over those two disciplines to create the type of person who can best protect the infrastructure.
One panelist on the front lines of delivering cyber-security experts to industries was Travis Breaux, associate professor of computer science at Carnegie Mellon University. At the event, Breaux praised government scholarship programs like the CyberCorps, which pays for a student’s four-year or Master’s degree in return for a commitment to work for the government for several years after graduation, as one way to increase staffing.
However, he called on the private sector to do more to help encourage college students to enter the field. This included guest classroom lectures from cyber-security pros, exposing students to what actually takes place in the field, and more internships where those interested in cyber-security can get a first-hand look at the industry.
The panelists did not forget the fact that the true people on the front line of defending their company, organisation or municipality are everyday workers.
Rohyt Belani, CEO of Cofense, said the industry needs to leverage human intelligence, calling people the best threat detectors in the world with the ability to do things technology can’t, like apply logic to a problem. He pointed out that too many companies today latch onto the idea of just having a perimeter defence, but he called this outdated thinking, as the majority of cyber-attacks enter into a company via email, which means a person has to be ready to recognise the threat and act appropriately.
Originally published in scmagazine.com North America.