Another Day at the Breach: Cybersecurity for the Country, I-64 Innovation Corridor, and Your Company
One of the biggest cybersecurity threats globally is that businesses don’t make cybersecurity a priority.
“That lack of preparation, that lack of understanding that the threats are out there, and that unwillingness to essentially identify cybersecurity as a primary risk to any business is what is going to largely victimize many, many companies,” said Rob Cochran, director of digital forensics and incident response at cybersecurity services firm Stroz Friedberg’s office in Virginia Beach.
“In the industry today, with the interconnectedness and ubiquity of IT infrastructure, if cyber is not one of your primary threats in your company and you're not taking collective effort to secure your networks, your employees, your data, and your information, then you will be a victim,” he said.
Cochran delivered those messages during the Virtual Innovation Spotlight panel discussion on cybersecurity presented by RVA757 Connects. The webinar was held Tuesday, April 5.
He was joined on the panel by Glenn Ballard, president and CEO of Dragonfli Group in Williamsburg, and Bary Dalton, vice president and information security officer at Federal Reserve Information Technology in Richmond. Ernest Cordova, Dragonfli Group’s chief operating officer, served as the panel moderator.
The biggest threat globally, Cochran said, is the criminalization of the internet, in which cyber thieves have created an industry for themselves through attacks that include ransomware and malware.
“They're creating businesses around victimizing companies, corporations, and people to the tune of billions and trillions of dollars,” said Cochran, a former FBI Special Agent who oversaw cyber investigations.
Part of the problem, he said, is changing the mindset that companies have.
“We constantly hear from victims that ‘we have our IT folks and they're supposed to be managing that.’ Well, IT folks aren't supposed to manage security. Security today requires a very specific education, training, certification process to understand not just how to maintain networks, but how to protect them, and it takes that training,” Cochran said.
Being able to protect data and company networks by using sophisticated equipment to prevent potential attacks is important, but the Fed’s Dalton said creating a layered defense is critical for businesses.
“There's no one tool or technology that will protect you,” Dalton said. “You have to have a layered defense. If you're trying to protect your home, you don't just put a lock on the front door. You might also add motion sensors and lights and cameras. You have a layered defense. If you really want to protect (from cyber breaches), you need to do the same thing for your businesses.”
Ballard, from Dragonfli Group, told participants that businesses should take four steps to significantly decrease or mitigate the risk:
Protect against known exploitable vulnerabilities. Do you have the ability to identify those weaknesses, monitor them, and provide patch management?
Utilize an Endpoint Detection and Response security solution that continuously monitors end-user devices to detect and respond to cyber threats like ransomware and malware.
Operate an identity management plan and zero trust plan: “You need a plan around how you're authenticating users, how you're authorizing users, how you are managing the services and your environments, and what applications are talking to which other applications and how are they doing that. You need to have some type of zero trust plan or identity management plan in your environment,” Ballard said.
Develop an enterprise security plan that outlines your cyber policies and identifies controls and operating procedures in case of an incident. Additionally, does that plan include cyber insurance?
“If you are the CEO of a company or a business leader, go to your IT department today to say, are we doing this? If not, let's do it,” Ballard said. “If you're an IT department, and you're not doing these items today, go to your business leaders and say we need the resources to do it.”
At the end of the hour-long webinar, the speakers suggested some preventative measures that businesses should take:
Dalton: Create a zero-trust architecture model mindset in which no person or device gets access to or connects to a company’s network systems until authenticated and continuously verified.
Cochran: “If you don't think that cyber is a risk, I’ve got some news for you. You're going to understand the hard way that it's a risk and it's a top risk your company should be paying attention to. There are companies out there to help you get secure. If I can leave you with anything it is this – go have a cyber secure mindset.”
Ballard: “Identify and mitigate all of your vulnerabilities and perform vulnerability assessments on a regular basis. Also, understand what your endpoints are doing. Deploy a threat intel or EDR (Endpoint Detection and Response) solution in your environments to be able to identify what's happening at those endpoints.”
The moderator:
Ernest Cordova, Dragonfli Group’s chief operating officer
The panelists:
Glenn Ballard, president and CEO of Dragonfli Group
Rob Cochran, digital forensics at Stroz Friedberg
Bary Dalton, vice president and information security officer at Federal Reserve Information Technology