Cyber defense isn’t IT’s only job, says CISA CTO


ORLANDO, Fla. — IT leaders must equip their businesses with the tools they need to operate securely in an expanding cyber threat landscape, but the blame shouldn’t rest solely with IT, CISA’s CTO, Brian Gattoni, said Tuesday at the Gartner IT Symposium 2022.

“It’s not your job alone,” Gattoni said. “It is the collective responsibility of every individual to be a good cyber citizen to protect the business. If you touch IT, if you touch data, if you do something for your business around the electronics: you have a responsibility towards cyber.”

Gattoni, who joined the Department of Homeland Security in 2010, said organizations face an ever-changing threat landscape. What is needed is more focus on customizing defense strategies, he said.

“The threat space is expanding every day, whether our adversaries are acting directly to improve their capabilities, or the technological landscape is changing in ways that make their job easier and ours a little harder,” Gattoni said.

Leaders are aware of the long-term implications of cybersecurity and are spending accordingly.

According to data from Gartner, two-thirds of CIOs say cyber and information security is one of the top areas for increased investment for 2023. Amid rising threats, this ratio is higher than in other areas such as business intelligence or cloud platforms.

Along with the availability of new technologies, organizations need to pay more attention to cybersecurity basics, Gattoni said, including but not limited to:

  • Recognize and report phishing attacks, including training employees to spot and avoid them.
  • Enforce the use of strong passwords for all applications and add a layer of multi-factor authentication.
  • Prioritize patches to fix known vulnerabilities.

“Don’t wait: update your software,” said Gattoni. “Every day you delay updating a critical software vulnerability in your business, it’s just an inch of fuse that burns down the line until there’s finally a bang.”

Part of the defense strategy addresses the security features embedded within the technology used by companies. CISA Director Jen Easterly has previously called on tech companies to start building security into the design phase of their security products.

IT tool security features have taken on new relevance amid a spike in supply chain attacks, where hackers compromise a product or service used by a company, then leverage that access to attack multiple users simultaneously.

“There are a lot of storylines where the villains only succeeded once,” Gattoni said. “That means we all need to work together to share information to help tackle this.”

This is one of the reasons CISA launched the Joint Cyber Defense Collaborative (JCDC) in 2021, a public-private alliance intended to bring together cyber, defense and national security entities alongside private organizations.

“We are your trusted partner in sharing information about what is happening in cyberspace, knowing that our intention is to aggregate it, anonymize it if you need it, and share it with your peers and industry,” said Gattoni. “You can expect the same to come back to you: actionable intelligence that helps your business.”
