On April 30 2015 industry leaders and government practitioners gathered in Tysons Corner at Cognitio's Synergy Forum to discuss technology trends, innovation, and ways to enhance enterprise and mission outcomes. Technology and Emerging Concepts for Enhanced Cybersecurity, the forum’s first panel discussion, consisted of David Bray, Brian Carrier, Peter Fonash, and Dean Hall, who collectively identified many of the growing opportunities and challenges in the cyber arena.
Although the conversation largely focused on large government and industry enterprises, the panel repeatedly recognized the growing issue of cybersecurity affordability for small- and medium-sized businesses. The newest cybersecurity solutions often carry a high cost, which may prevent smaller organizations from even considering them. As small- and medium-sized businesses constitute a central component of the American economy, their vulnerability is a very important problem for the United States.
For example, if an organization uses an outdated operating system in an effort to cut costs, it is highly unlikely that the same organization will utilize cybersecurity professionals to bolster its information security – it is not even exercising basic cybersecurity hygiene by using outdated software. Although cybersecurity conversations tend toward the cutting edge and maximum protection, affordability should always be a consideration of cybersecurity advocates, because sometimes the most vulnerable enterprises cannot afford expert protection or the latest and greatest solutions.
Another important piece of the puzzle is considering cybersecurity as a risk management problem – instead of a problem to be solved, said Mr. Fonash. It is not realistic to try to completely prevent attacks on an enterprise’s system because attackers succeed very often. Cybersecurity breaches will occur, so limiting their consequences is much more important than attempting to prevent them altogether.
The panel identified many themes essential to enhancing enterprise cybersecurity. Bob Gourley, moderator of the discussion, concluded the conversation by summarizing these themes: anonymous information sharing, designing for containment, training individuals, automation, affordability, interoperability, and risk sharing. Incorporating these concepts into an enterprise’s strategic decision-making will certainly abet efforts to improve information security.
The recommendation was also made that small and medium sized businesses stay informed and aware of the threat. Threat awareness through use of our daily Threat Brief can provide important context that helps decision-makers better prepare for operational decisions including better ways to mitigate risk due to cyber threats.