The news that internet company Yahoo had information stolen on a half billion accounts in 2014 is further proof of this simple truth: Hacks are widespread and increasingly spectacular.
To counter the escalating and ominous threat of costly data breaches, companies need strong defenses in place, said former CISO and independent consultant Candy Alexander. She picked the brains of four cybersecurity experts at a panel discussion in Boston this month.
The talk, sponsored by Women in Technology International, focused on steps companies need to take to protect against hackers. The panelists left the small audience with these nuggets of cybersecurity advice:
Look at people, process and technology. Patty Patria, CIO at Becker College, in Worcester, Mass., stressed this trio of focus areas. Employees need to be trained on cybersecurity practices, processes need to be in place to determine what the most sensitive data is and a variety of tools need to assessed and acquired. And someone needs to orchestrate it all.
“If you don’t have somebody on your staff who has the expertise in understanding how to do those assessments and look at people, process and technology, go hire somebody to do that.”
Make cybersecurity everyone’s business. Janet Levesque, CISO at security company RSA, said organizations need to help their employees understand that cybercriminals pose a threat not only to the company but also to them and to their families, too. As part of an awareness campaign this year, RSA plans to ask all its employees to talk to one family member about safely navigating the internet, Levesque said.
“If they understand security awareness at that level, then they translate those personal actions into their professional behavior.”
Assume you’ve been hacked. That’s because you might have, said Gary Miliefsky. The CEO at SnoopWall, which sells data breach technology, said many companies don’t find out that their computer systems have been infiltrated for months. The cure, he said, is looking beyond prescribed technology like antivirus software and shop for tools that go after those who want in. One example is a honeypot, a decoy system that tricks hackers into thinking they’ve found the real thing.
“Antivirus can’t solve all your problems because it’s reactive technology,” Miliefsky said.
Be strategic. Michelle Drolet, CEO at data security company Towerwall, said companies need “an overarching security policy” that covers components such as user awareness and responsibilities, vulnerability management — which identifies and addresses flaws in hardware or software — and cybersecurity tools.
“Building a solid information security program strategically for your organization is like building a house,” Drolet said. “You need that foundation.”
To get more cybersecurity advice, read the SearchCIO report on Women in Technology International’s recent panel discussion.