The Institute for Critical Infrastructure Technology (ICIT) Co-founder and Senior Fellow Parham Eftekhari had the discussion with ‘HealthITSecurity’ about Cybersecurity
According to Eftekhari, it’s currently imperative for organizations to understand that they’ll never be able to prevent breaches from happening.
“The best way to protect their organization is to focus on detect and response strategies, and create as many roadblocks and obstacles as possible so network administrators can quickly identify unauthorized access or suspicious activity on the network,” he explained. “[It will] slow down the attacker’s ability to successfully exfiltrate data and really give the network administrator time to stop the attack.”
According to Eftekhari, behavior analytics, dual-factor authentication, and encryption are critical pieces when it comes to creating “a virtual tar pit” environment within the network to slow down the attacker.
The other key takeaway for Cybersecurity Awareness is the human factor, he explained.
“[ICIT] acts as an educator for the legislative community, federal agencies and critical infrastructure sector stakeholders because they need access to cutting edge research and knowledge of cyber trends.” Eftekhari said. “In that same context, we also need to guide our children and our families, and of course consumers and employees, in cybersecurity best practices without being Orwellian about it. That’s how we’re going to become a more cyber conscious nation and ultimately improve security.”
Montana Williams, Senior Manager, Cybersecurity Practices, ISACA mentioned that it is important that everybody in an organization understand their role in increasing the resiliency of that organization.
“Cybersecurity has evolved slowly because technology has outpaced the security aspect of cybersecurity,” Williams stated. “So it has struggled to keep up with the newest technical advances. The security aspect has struggled to keep up with the threat vectors, and then also it has struggled from an awareness perspective because I believe people are still very naive about the threat of cybersecurity.”
Employee training as a whole is the most critical thing for organizations, according to Williams.
“The technologies exist out there that can do a great job against a threat, but that training component doesn’t exist because the professionals who are managing those technologies don’t know how to integrate them the most effective way on their enterprises against that threat that’s out there,” Williams said.
Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.
Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.
Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.