We're All Cyber-Warriors
By Eileen Feretic
Are cyber-threats really a danger to our economy, our government and our way of life? Well, when more than 1,200 professionals from 50 countries travel to New York City to seek information about combating this scourge, it seems clear that this threat has reached the red-alert stage.
These professionals from business, government, academia and law enforcement congregated in Fordham University's Lincoln Center campus to attend the second annual International Conference on Cyber Security (ICCS), hosted by Fordham and the FBI. There was standing room only at the keynote presentation given by Howard Schmidt, White House cybersecurity coordinator and special assistant to the president. (www.iccs.fordham.edu)
The attendees I spoke with--some of whom work for government agencies that won't allow them to describe their jobs--are girding for battle with the growing army of cyber-criminals out to steal their confidential information, money, networks, intellectual property and reputations.
These knowledgeable, experienced cyber-warriors are well-prepared to defend their organizations. "Our attendees represent the best thinking in cyber-crime ... throughout the world," stated Joseph McShane, S.J., president of Fordham.
In his keynote address, Howard Schmidt pointed out that the world's economy depends on the Internet, noting that $10 trillion in business was conducted over the Net last year--a number he expects to double in the next decade. So it's critical, he added, for public and private organizations to work together to fight cyber-threats.
"Security is a shared responsibility," he said. "Public/private partnerships have to find ways to share confidential information safely."
Schmidt recommended ratcheting up the fight against cyber-crimes by increasing law enforcement and intelligence capabilities; establishing stronger deterrents, such as longer prison sentences for offenders; building more resilient networks with better backups; floating critical information around a network so it's a harder target; and cleaning up government networks to reduce access points to the Web, thereby making it easier to monitor and identify malicious traffic.
Of course, Schmidt is not alone in his belief that cyber-security is a responsibility that must be shared--not just by public and private organizations, but also by the various departments within them. Another ICCS presenter, Rich Baich, principal, security and privacy at Deloitte & Touche, stressed the importance of presenting a united front in the face of cyber-threats. (www.deloitte.com)www.deloitte.com
"We need to eliminate silos and share information to mitigate risk," Baich said. "That means people in areas such as technology, legal, HR, security, governance, fraud and privacy have to work closely together. Technology is an enabler of security, but organizational structure and collaboration among all the stakeholders are equally important.
"To provide adequate defenses against cyber-criminals, organizations need to follow a three-step process: know where their information is, know how to get it and know how to use it to make good decisions. Making your information actionable is essential."
Of course, not all cyber-threats come from an outside enemy. Employees also can cause security breaches--either deliberately or accidentally.
"Organizations need to make their employees aware of security issues so they understand the impact of their actions," Baich said. "Employees need to understand the consequences--to both the company and themselves--of security lapses such as losing a USB drive, laptop or smartphone."
I guess that makes all of us cyber-warriors.