This morning, Onepath hosted a cybersecurity event at the Harvard Club in Downtown Boston. Over my career, I have participated in many events like this, but I have to say that this was the best event that I have been fortunate to be a part of. Every attendee echoed similar thoughts.
We billed this event as a fireside chat. The main speakers were Brian Shield, VP/IT for the World Champion Boston Red Sox and Eric Rosenbach, Co-Director of the Harvard Kennedy School’s Belfer Center for Science and International Affairs and former Assistant Secretary of Defense for Global Security.
The discussion with Brian and Eric was outstanding. They made things so relatable and for individuals with their experience and responsibilities, they were so humble, down to earth and relatable. They had the room riveted the entire time. Thank you to everyone who came out for this event!
Following are some of the highlights from the chat:
- Ransomware like the latest LockerGoga will continue to be problematic and most likely grow. The worst Ransomware came from NSA and DoD leaks of offensive cyber weapons.
- Nation States will continue to lead bad actors. It’s an asymmetric weapon that non-democratic countries can use against more powerful western countries. Many countries are unable to compete with the traditional military power of the United States and NATO, but hacking and other cyber weapons and attacks level the playing field. North Korea uses ransomware and other cybercrime to raise money to get around sanctions. Look for more info ops like what the Russians did in the 2016 elections.
- AI will help defensively, but we need to look out for info ops that may look very real but be fake. Think of online videos from a political candidate that’s not really the candidate. How do we know what’s real and what’s not?
- Cybersecurity is a holistic approach. It’s not just technology, it’s a leadership issue. CEO’s and Boards need to have raised awareness.
- Incident response plans are critical. The plan must be tested as you don’t want to test it when you first have to activate it.
- Cyber security is very interconnected. Private industry is being targeted. We are all on the front line. It’s important to the national security of our country to educate our workers on how to remain safe. Eric feels this is a duty we have to our country. We must address the threat. We need to change the culture and improve investment.
- Social Media monitoring can give you insight into whether or not your organization may be targeted.
- Worry about the threat actor that infiltrates and hangs around for several months. That’s a big concern of Brian’s.
- Your corporate assets are highly vulnerable in foreign countries like China. It was recommended to never bring your personal or corporate cell phone or computer. Get a burner, solely for the trip.
- Your reputation may hang on your supply chain! Be sure they have good cybersecurity and put requirements and penalties into your contracts.
- Everyone should be using 2FA.
I wrapped up the chat by sharing a few stories that reinforced some of the above. Finally, I concluded with the following concluding statement from recent CompTIA testimony before the US Senate Committee on Small Business and Entrepreneurship titled “Cyber Crime: An Existential Threat to Small Business” delivered by CompTIA EVP Elizabeth Hyman:
“While the challenge that lies ahead of us can seem overwhelming and almost too great a burden to bear, it is one we cannot afford to ignore. By working together and continuing to embrace the private-public partnership that has long benefited the cybersecurity ecosystem, we can do a great deal to help better prepare small businesses, and business of all sizes, for the cybersecurity threats they are facing.”
What’s your plan for addressing your cybersecurity risks and educating your workforce on their role?