Olivier Vallez, contributing writer for Cyber Defense Magazine, covered key learnings for small and mid-sized enterprises shared during the inaugural SecureWorld New York cybersecurity conference.
With all the high-profile cyberattacks receiving coverage in the media as of late, cybersecurity is quickly becoming a topic of conversation among the tech-savvy and non-technical alike. I was privileged to attend the SecureWorld New York conference on September 25th in midtown Manhattan. Much of the focus was on small-to-medium enterprises (SMEs), the issues they are facing, and suggested measures to address them.
As always, a recurring theme was the correlation between end-user behavior and cyber-vulnerability. "There's always going to be a threat when the 'human factor' is involved," according to Tim Miller, a lead cybersecurity consultant at Trend Micro. However, several speakers conveyed a very different message—one of inspired confidence in the untapped potential of the end-users to be on the front lines of cyber defense. As David Sherry, CISO of Princeton University points out, "[The tired notion of] end-users being the weakest link is negative reinforcement. Instead, we should look to empower end-users to be the 'guardians at the gate!'"
When it comes to SMEs, the security landscape has quickly become as complicated as it is critical. "'IT risk' is indistinguishable from 'business risk,'" says Nick Selby, director of cyber intelligence & investigations at the NYPD. "Outsourcing of IT services will continue to accelerate, and the risks associated with that are often understated." Selby continues, "[The issue is] how do non-technical people see this stuff? We have to do a better job of communicating these concepts."