Print Friendly and PDF

Information Sharing, Education Critical to Defending Against Cyber Threats

In today’s technology-driven world, businesses face a barrage of cyber threats, each larger and more sophisticated than the last. Michigan alone sees more than 2.5 million annual attempted cyberattacks. Despite the risk, many businesses are still ambivalent or unaware of how to take action.

To address that need, the Detroit Regional Chamber, in partnership with the U.S. Chamber of Commerce, hosted the 2016 Cybersecurity Conference last Thursday, bringing together nearly 160 business leaders and top experts from government, law enforcement, and the private sector to share tips for strengthening cybersecurity programs.Discussions throughout the day centered on the importance of private/public partnerships, information sharing between businesses and law enforcement, behavioral training for employees to prevent data breaches, and changing mindsets at the c-suite level.

Discussions throughout the day centered on the importance of private/public partnerships, information sharing between businesses and law enforcement, behavioral training for employees to prevent data breaches, and changing mindsets at the C-suite level.

“You can’t wait to think about an attack and then respond. It has to be part of the conversation from the breakroom to the boardroom,” said Tammy Carnrike, the Chamber’s chief operating officer.

In his keynote address, Mike Rogers, former chairman of the U.S. House Permanent Select Committee on Intelligence, said mitigating risk requires constant vigilance, adding that 69 percent of companies in the United States do not know what applications are running on their networks, and only 35 percent regularly test their networks. Rogers highlighted numerous threats facing the country, particularly among cyber criminals and foreign governments in conducting attacks on critical infrastructure, financial firms and organizations.

“Eighty-five percent of the networks in the United States are private sector networks. These criminals aren’t going after the NSA, they are going after you. Businesses are a much tastier target,” he said.

Protecting critical information can be as simple as educating employees on basic security practices and policies, securing Wi-Fi networks, and limiting access to data and information. Oftentimes these practices are overlooked among small and medium-sized businesses through a false sense of security.

“You need to think about your data and where it goes,” William Adams, vice president of research and cybersecurity at Merit Network said. “We can make (cybersecurity) foolproof but God keeps creating better fools.”

Determined attackers and persistent threats are only part of the cybersecurity equation. Panelists suggested there is also disconnect between perception and reality of security preparedness among a company’s board, CEO, and chief information security officer. While C-suite leaders may believe their security processes are optimized, oftentimes companies lack the latest security measures. This disconnect, along with rapidly evolving compliance laws and an ROI mindset, can leave a business susceptible to an attack.

“Simply satisfying compliance is not enough. C-suite senior leaders must be able to articulate how cybersecurity fits into the organization’s overall business strategy and educate their board on what the organization has in place to address cyber threats,” said Donald Welch, chief information security officer at the University of Michigan. “Cyberattacks will be an ongoing battle as long as we use networks and computers.”

With its premier universities, robust entrepreneurial climate, and automotive and defense R&D, panelists said Michigan is “ground zero” for cybersecurity innovation. However, attracting and retaining top talent is challenging, especially as the state competes with national firms that can entice graduates with six-figure salaries.

“Attracting talent is critical,” said Christian Kopacsi, chief security officer for the state of Michigan. “A government job does not always appeal to someone who sees their friends making a lot of money working for a private firm. But we try to get into colleges and universities early to sell students on the mission and stop the brain drain of security talent going to out-of-state tech companies.”

Throughout the day, the Summit also featured panels on the automotive industry’s perspective on cybersecurity in the race for connected and autonomous vehicle technology and efforts underway at the state and federal levels to protect businesses through the Michigan Cyber Initiative and the National Institute of Standards and Technology’s cybersecurity framework.