Cybersecurity is a business and people issue, not a technology problem

Jan. 25, 2018

If areas such as asset management, document control and change control are not addressed, then cybersecurity policies and procedures layered over them will be ineffective.

I recently had the opportunity to interview Eric Cole, Ph.D., one of the world’s leading cybersecurity experts who has been interviewed by 60 Minutes, CNN and The History Channel. He also was a commissioner on President Obama’s Commission on Cybersecurity.

We had a fascinating conversation and it yielded great insights into why we are in the cybersecurity situation we are in right now, and what we can do about it. Here are a few of the highlights.

• Why do cybersecurity breaches keep happening? Cole said, “As humans we are in the position of thinking that it will not happen to me. We do not get into a car and think there is a good chance I get into a crash today. We just go about our business and kind of put it out of our minds.” Unfortunately, this is what the cybercriminals are waiting for. They are waiting for us to drop our guard, to not expect anything to happen. And then they strike. The lesson is get prepared today, don’t wait.

• I asked him about his stint at the Central Intelligence Agency and how it differed from corporate America. He said, “it was unusual in that critical systems maintained an air gap (editor’s note: an air gap is when a system does not have an electrical connection to the outside) to protect them from hacking. But as our recent experience with the NSA breaches we see that this is not always successful.” Sometimes hackers manage to get the data out anyway. But the point is valuable. There may be times in critical corporate environments when an air gap is necessary and should be considered. This would be at the high end of protection strategies. Another valuable lesson, cybersecurity is not a technology problem, it is a business and people issue.

• We talked about the biggest challenges for corporate America in cybersecurity. “It was to focus on some core areas of your business. Things like asset management, and document control and change control. If these areas are not addressed, then cybersecurity policies and procedures layered over them will be ineffective.” As I have written before, cybersecurity is a game of the basics of common sense business. If you get these areas of your house in order you will be able to create a much stronger cybersecurity posture. Once again, the emphasis is in your company’s business processes.

• We talked about the Internet of Things (IoT) and he said “IOT has too much focus on functionality and not security. We are so busy trying to get as much functionality in as small a package as possible we lose site of the security. This leads to serious consequences down the road. We will have to double focus on security from the beginning and build it into our systems and products.” This goes double for the automotive industry where our systems control 3,000-pound vehicles moving at high speeds. So make sure you are starting with the end in mind when it comes to cybersecurity.

• Cole said he believes “that all disciplines will have a specialty in the field of cybersecurity. Engineers, lawyers, doctors, designers all will have to deal with their field and cybersecurity concurrently. Our ability to do these two functions will make us incredibly valuable and the career prospects are huge.” Ask yourselves what niches in your field could benefit from a cybersecurity specialist?

• On working for former President Obama, he said, “working for the President is always a fun experience. But you must be quick and ready to roll with whatever their agenda is. You could have a briefing scheduled and have five minutes of topics to discuss. And right before you go in they tell you that you have 45 seconds to make your point. It is a challenge you must be concise and to the point.” When I work with corporate executives my message always must be short and to the point. If I am not concise the message never gets heard.

Background information

Cole was the personal cybersecurity advisor to Bill Gates and his family. He has worked with many major corporate clients and has more than 30 years of experience in the field. He previously was the technical director for the Central Intelligence Agency’s Internet program team, and a senior vice president at McAfee. He has an upcoming book on cybersecurity called “Online Danger: How to protect yourself and your loved ones from the evil side of the internet.”

Also, my book just came out “One False Click: How to protect your company in the coming cyber war.” It is a study in the challenges of dealing with today’s shark infested waters of cybersecurity. It can be found on Amazon or Kindle. If you have any questions you can email me at [email protected].

Subscribe to Aftermarket Business World and receive articles like this every month….absolutely free. Click here.

About the Author

Jerry Hutcheson is a writer, public speaker and consultant. He has worked with some of the most important and innovative companies in cybersecurity, including AT&T, Cisco Systems, 3Com, Juniper Networks, Dell and Sonicwall. His company, Cybercreed Consulting, helps company management and executives protect themselves from cyberattacks. He also is the former owner of a Cottman Transmission franchise. His website and blog can be found at www.cybercreed.net.