SecureWorld's first annual Chicago conference kicked off with a morning session on cyber vulnerabilities in the near future, hosted by InfraGard.
Are you ready for the FBI's secret to ending all cybersecurity screwups?
Don't click the link!
The intelligence agency's findings show that 20% of end users will click the link 100% of the time. But it's not just phishing attacks that are dominating the current threatscape.
Eric Shiffman, from Squad CY-3 of Chicago's FBI force, explained that threats will go wherever you are—you can't hide from them, especially as the number of internet-connected devices is projected to reach 600 million by 2020 and new WiFi connections are creeping out to every corner of the globe.
Google is becoming a hacking database, as cyber criminals can mine most of the information they would need to socially engineer you from a quick search of the internet.
But the most important thing Shiffman said you can do to protect yourself and your organization is to have a plan in place. You can't defend your data if you don't know what you're fighting against.
However, part of the problem we're facing is how complex the cost and consequences of IT security have become.
Dr. Larry Ponemon of the Ponemon Institute has found the top four factors that increase complexity in the security realm: access to cloud-based applications and data, use of mobile devices, rapid growth of unstructured data, and regulatory and compliance requirements.
His morning keynote discussed survey results from the latest Ponemon research covering the pitfalls and successes of IT security, especially in terms of complexity.
He also found that the top four most successful technologies were security intelligence systems, including SIEM; mobile device management; identity and authentication systems; and enterprise encryption for data at rest.
To reduce complexity in the security workplace, implementing these technologies—as well as centralizing decision making and reducing the number of active endpoints—can go a long way toward better securing our digital assets.
One way to create a more centralized decision-making system is to understand that cultivating relationships with your team is critical.
Greg York, Vice President of Information Security at Tribune Media, gave a breakout session on the process a new CISO should go through within the first 90 days of employment.
Understanding your new team and establishing trust are two of the most important factors York outlined for success.
His 90-day action plan included outlining your goals and objectives, cultivating bonds within your team, understanding your stakeholders, defining your mission, managing your frameworks, understanding current security technologies in place, and developing an annual plan.
York defined success as "living within your value system to solve problems that you enjoy." If we can all get behind that in terms of dealing with our security, we'll have a better shot at securing our networks.