Cybersecurity community must make some changes to truly be effective

Share intelligence, hire more women, design technology for how people use it, expert says

 
Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

There­sa Pay­ton honed her cyber­se­cu­ri­ty skills as the White House’s first female chief infor­ma­tion offi­cer, under Pres­i­dent George W. Bush.

Pay­ton is now pres­i­dent and CEO of cyber­se­cu­ri­ty con­sult­ing com­pa­ny For­t­al­ice Solu­tions. I had the chance to inter­view her at the recent Enfuse 2017 cyber­se­cu­ri­ty con­fer­ence in Las Vegas.

We dis­cussed how dig­i­tal attacks have increased, what strate­gies embat­tled orga­ni­za­tions should embrace and why über-com­pet­i­tive tech secu­ri­ty ven­dors need to learn to share threat intel­li­gence more read­i­ly. Here are a few top takeaways:

DIY hack­ing increases

When Pay­ton was at the White House, she says cyber crim­i­nals and ter­ror­ists had to have skill and tal­ent to break into dig­i­tal sys­tems. Now, with emerg­ing tech­nolo­gies, “it’s nev­er been eas­i­er and inex­pen­sive to actu­al­ly cre­ate mayhem.”

All the old-school secu­ri­ty prob­lems from years past are still issues, and new ones are being added. Crim­i­nals can out­source cyber attacks, or learn how to do it on a YouTube video.

There­sa Pay­ton, For­t­al­ice Solu­tions pres­i­dent and CEO

It used to be sort of cyber crim­i­nal syn­di­cates, and state-spon­sored crime, but it was real­ly hard for just the aver­age evil­do­er to break in and do cyber crim­i­nal activ­i­ties,” she says. “Now, it’s nev­er been easier.”

Seek­ing new approaches

Pay­ton says the secu­ri­ty com­mu­ni­ty needs to pay more atten­tion to how peo­ple use cyber solu­tions, instead of focus­ing only on their cre­ation and design. “We need to start design­ing for the human, vs. telling the human to con­form to the technology.”

She also believes that shar­ing intel­li­gence helps strength­en everyone’s defens­es, some­thing that a high­ly com­pet­i­tive indus­try is reluc­tant to do.

Some of that true action­able intelligence—‘I just got hit, and this is how they did it, and this is what I need to share with oth­er peo­ple so they’re not victims’—that’s not hap­pen­ing in real time as action­able intel­li­gence, and that’s what we have to fix,” she says.

Clos­ing the gen­der gap

We need everybody—we need male, female, we need minorities—we need every­body to fight this good fight,” Pay­ton says. “But I con­tin­ue to be dis­mayed at the inabil­i­ty for us to recruit more females.”

The indus­try has a prob­lem with mes­sag­ing, she says, in that the tra­di­tion­al image of a cyber expert, “a dude in a hood­ie in the dark, hunched over a com­put­er,” makes it hard for women to see them­selves doing cyber­se­cu­ri­ty work.

She says more empha­sis needs to be placed on the industry’s abil­i­ty to help peo­ple retain their iden­ti­ties, or to save a busi­ness from hav­ing its data stolen. Women need to hear, “This is a fight, and you can be on the good guys’ side, and you can real­ly help.”

For a deep­er drill down, please lis­ten to the accom­pa­ny­ing podcast.

More sto­ries relat­ed to the evolv­ing cyber­se­cu­ri­ty industry:
How to grap­ple with the grow­ing gen­der gap in cybersecurity
Silence isn’t gold­en: Infor­ma­tion shar­ing is key to com­bat­ing cyber attacks
Why study­ing human behav­ior could be the key to secur­ing networks