Dr. Eric Cole sums up his view on cybersecurity this way: "My big focus is distilling down cybersecurity so we can implement effective solutions that work. Because the reality is we make this problem a lot harder than it needs to be; and if we break it down into its core components, we now have a solvable problem that's not near as difficult as most people think."
That is how he set up the recent SecureWorld webcast, "The Myth of Cybersecurity: Identifying and Mitigating Cyber Attacks with Dr. Eric Cole." The Remote Sessions episode is now available to watch on-demand. The informative session is brought to you by Abnormal Security.
Dr. Cole began his career as a professional hacker, working for government performing offensive work—and he admits that "offense is easy." So he made the decision to switch roles and use his skills to implement proper defensive techniques. He is now the founder and CEO of Secure Anchor Consulting.
He defines cybersecurity as "the understanding, managing, and mitigating the risk of your critical data being disclosed, altered, or denied access."
He likened today's cybersecurity issues to the early 1970s TV campaigns in which the voice-over asked, "It's 9 p.m. Do you know where your children are?" The idea was that, in the days before mobile phones, parents should be paying attention to where their kids were, as they had no way of getting ahold of them.
Today's campaign could read, "It's 9 p.m. Do you know where your data are located?" In today's digital economy, many individuals hand out their data like candy at Halloween, and the organizations they give it to may not always know where that personal data are stored.
One of the biggest issues cybersecurity professionals face is that executive leadership has a much different view of where resources should be used on cybersecurity efforts. That misalignment and disconnect ends up costing companies in breaches, malware incidents, and other exposures, Dr. Cole said.
One of his slides is very pertinent: it contrasts boasting about not having had any cyberattacks with the truth, which is more likely that those attacks just have not been detected.
"If you have not detected an attack in the last 12 months, it is NOT because you are secure or invincible," the slide reads. "It is because you are not looking in the right places."
Dr. Cole is very frank. Unless you are Amish with no technology, 100% security does not exist. It's like a person who says they have never been sick and never will get sick; it's just not possible. The goal is not to never get sick but to minimize how often we get sick and the impact it has on our lives, and the same goes for cybersecurity.
"Cybersecurity is all about timely detection and minimizing the damage," Dr. Cole said.
Log in to the free, on-demand webcast and learn more about:
- How the threat landscape is changing in 2023
- Which myths you're likely convincing yourself are true
- Why cybersecurity is an ever-evolving game we can't win
- What you can do to make sure you're prepared to play
And qualify to earn 1 CPE credit in the process.