SecureWorld News

Video: Lessons from SecureWorld St. Louis

Written by SecureWorld News Team | Thu | Sep 21, 2017 | 6:01 PM Z

Many lessons and tidbits of information were shared during the 7th annual SecureWorld St. Louis. From sessions to keynotes to panels, here are a few of our favorites:

Lesson #1: People need to think of cybersecurity in risk-based terms, not fear-based terms.

If cybersecurity is a race against the bad guys, we need to reframe how we think about the finish line.

After all, there really isn't one at all.

"Our executives largely don't understand that security is a journey," says Randy Raw, Director of Information Security at Veterans United Home Loans. 

Spending security dollars can't guarantee an eradication of risk - it can only lower it. 

So by thinking of risk as something that can be eliminated, we're holding it in a place of fear, as opposed to being fully prepared to mitigate problems that will surely arise. 

Lesson #2: We need to treat cybersecurity like public health.

During the lunchtime keynote, a team from the state of Missouri led a panel on how to use publicly available data to alert organizations of vulnerabilities.

Michael Roling, CISO for the state of Missouri, says that we need to treat cybersecurity like we treat public health.

If our partner is sick, we care because we are also at risk of infection. And so are our children, friends, and coworkers.

We need to think of cybersecurity in the same way, and recognize that everyone has a stake in protecting our assets.

In an exclusive interview with SecureWorld, Michael Roling dives further into what is going on at the state level:

Lesson #3: The distinction needs to be made between a cyber risk and a cyber threat.

"How we define our risk is different than how you define your risk," says Jon Stitzel, Lead Analyst for Cybersecurity Governance and Risk Management at Ameren.

Just as there's no one solution that can fully prevent all cyber attacks, there's also no single way to define risk, as it can differ greatly across organizations.

But there's also a distinction between cyber risks and cyber threats, even though the two terms are often used interchangeably.

To illustrate, during his presentation Stitzel showed a picture of a polar bear attempting to break into a cabin. The bear is the threat; the risk depends on who is asking.

If you're a person trapped inside the cabin, your risk is loss of life. If you're the cabin owner or maybe an insurance agent, it's the potential destruction of the cabin itself. However, the threat of the bear remains the same.

If we can properly distinguish the risks from the threats, we not only stand a better chance of defending against them, but also of getting the money to do so.

For more lessons learned during SecureWorld St. Louis, be sure to follow SecureWorld on Twitter, Facebook, and LinkedIn.