Tech leader on cyber security: ‘Every company is getting breached’

by Jennifer Joyner ([email protected]) 45 views 

(from left) Sheila Jordan of Symantec, Telle Whitney of the Anita Borg Institute for Women in Technology, Kash Iftikhar of Oracle and Gary Dowdy of J.B. Hunt Transport Services comprise a morning panel on data breach risks and other tech issues during the 2017 Northwest Arkansas Technology Summit.

A morning panel of tech industry leaders spoke on the topics of data breach risk, adapting to changing technology and the importance of team diversity during the 2017 Northwest Arkansas Technology Summit on Tuesday (Oct. 17) at the John Q. Hammons Convention Center in Rogers.

Moderator Bill Akins, chief client officer at Rockfish Digital in Rogers, pointed to this year’s cyberattack on the consumer credit reporting agency Equifax as the latest reminder of the importance of cybersecurity. The breach resulted in the theft of millions of Americans’ information.

Sheila Jordan, chief information officer of Symantec in the San Francisco Bay Area, spoke to the pervasiveness of cyberattacks.

“If you don’t think you’re getting breached, you are. Every company is getting breached. Every company is getting attacked,” she said, adding that one issue stems from gaps that might form in a company’s cybersecurity infrastructure because of a patchwork of different cyber protection products being used.

Jordan said the responsibility for cyber security is not limited to corporate leadership, that solid policies and employee education are paramount. Internal non-malicious threats, including user error, play a substantial role in security issues. Symantec in April released an Internet Security Threat Report. It states more than 7 billion identities have been exposed through data breaches. In the past three years, 1.1 billion identities were exposed in 2016, 564 million in 2015 and 1.2 billion in 2014.

There were 1,209 breaches in 2016, 1,211 in 2015 and 1,523 in 2014, according to the report. In beaches with more than 10 million identities exposed, there were 15 in 2016, 13 in 2015 and 11 in 2014.

While those numbers don’t show upward movement in cyberattack trends during the three-year period, the report states last year saw loftier goals from cyber criminals.

“Cyber attackers revealed new levels of ambition in 2016, a year marked by extraordinary attacks, including multimillion-dollar virtual bank heists, overt attempts to disrupt the U.S. electoral process by state-sponsored groups and some of the biggest distributed denial of service (DDoS) attacks on record powered by a botnet of Internet of Things (IoT) devices,” the executive summary of the ISTR report states.

“The bad guys are getting smarter, more targeted and they’re staying longer,” Jordan said, speaking to latent threats. “One of the things we’ve seen is they’ll be in some part of your legacy environment and you won’t even know it for a year or so.”

Businesses should move away from a strategy of just “identify and protect,” and add a process to “detect, recover, resolve as fast as you can.”

“Nirvana for me, as the CIO of Symantec, is when I can see a problem, detect it, recover it and resolve it with the technology, policy and processes, before my end user even knows anything happened,” she said.

The use of automation, where appropriate, also can help businesses get in front of cybersecurity issues, said Kash Iftikhar, vice president of IaaS (infrastructure as a service) pubic cloud services at Oracle.

“For you to respond to security threats, you have to be one to three steps ahead.”

From a consumer prospective, the rise of data-based conveniences in the form of IoT and artificial intelligence calls for individuals taking responsibility for their own security, said Telle Whitney, president and CEO of the Anita Borg Institute for Women in Technology. “We’re completely connected, and the vast majority of customers don’t really understand the implications of what is happening. A lot of what I’d like to see happening is really better communication on how to protect your privacy.”

On the topic of bringing in new technologies to companies, Gary Dowdy, head of innovation at J.B. Hunt Transportation Services, said willingness from a company’s CEO to innovate and take the related risks is crucial.

“It’s really got to come from the top,” he said.

Another key is to ensure the tech is needed and useful, Jordan said. “At the end of the day, it’s not about technology the sake of technology. It’s about how we enable the businesses to change and grow.”

In terms of employees to work new technology, it’s a unique time, Akins said.

“We’re at a crossroads at a lot of companies, both small and large, where the millennial workforce is moving now to middle layers of management, centennials about to enter the workforce … you have the boomers moving into retirement that have a street smart knowledge of most of industries, and a lot of that knowledge is walking out the door, and generation X is sort of in the middle.”

As a result, what skill gaps are there? Dowdy pointed to a vast need for software engineers and data scientists in Northwest Arkansas and said continual learning is key.

“The pace of change has intensified. Even the millennials and the new ones coming into our organization, that skillset and what they know today is going to be very different five years from now, so it’s a continuous learning process, no matter what age you are, if you’re going to live in this environment.”

Jordan said she agreed with Dowdy’s assessment.

“The only thing that’s constant is change,” and the key to innovation is a diverse workforce, she said. “Look at your entire workforce and figure out how a senior, experienced boomer can be reverse-mentored by a millennial and vice-versa. Then, I’ll think it will create some pockets of just really excellent teamwork.”

Iftikhar also emphasized the importance of having a broad range of points of view. “Diversity of ideas is very important. … I think it’s pretty obvious. When you create a product or you’re running a company, everything is a matter of perspectives. If you think of a product, you have five ways of looking at it. If you get five similar people looking at the same thing in five similar ways you get the same problem, but if you have 15 different people from diverse backgrounds looking at the same problem set, the outcome is awesome. For those who haven’t internalized that, they have missed out.”