In July, I had the opportunity to attend the International Conference on Cyber Security (ICCS), a meeting held every other year at Fordham University’s Lincoln Center campus. This gathering offers enterprise risk management, cybersecurity law enforcement and private sector professionals from throughout the world a chance to connect, converse, and learn about new trends, challenges, and opportunities shaking up the ever-changing cyber security environment. Among other things, my time at the event included seminars given by dozens of high-profile speakers such as U.S. Attorney General William Barr; Christopher Wray, Director of the FBI; and General Paul M. Nakasone, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service.
In hearing from these top-ranking government officials and my peers, these are my key takeaways coming out of ICCS 2019:
- Despite near-constant reports of breaches and cyberattacks in the news, companies are still slow to take proactive measures to reduce the risk of a cyberattack. Organizations of every size, location, and industry not only need to implement internal and external security controls that can alert them to existing and potential threats, but they must also establish policies and procedures and frequently test their ability to detect and identify a potential threat.
- The C-suite (and beyond) must be held accountable. The buck frequently gets passed to the IT team when a cyberattack occurs, but it was typically the executives who chose not to take the proper precautionary measures to prevent an incident. When the C-suite has a stake in the outcomes of cybersecurity, they are more likely to take seriously the recommendations of their own IT team and the advice of outside experts. Employees throughout any given organization must hold some responsibility and look to act as “human firewalls” as well.
- Keep an eye on blockchain, but it’s not ready for primetime yet. There’s been a lot of buzz around blockchain in recent years – countless different industries are exploring the ways it can improve efficiencies and security. For the time being, when it comes to blockchain, beware. There’s still work to be done in preparing this technology for the inevitability of human error.
As cyber threats continue to evolve and grow with each passing month, it’s always beneficial to take a step back and network with individuals who are also dedicated to protecting, understanding and implementing the best risk management and cybersecurity practices for their companies, their clients, and ultimately, their countries.