On today’s podcast, we’re joined by former National Security Agency (NSA) Deputy Director Bill Crowell. Listen in for a conversation in which we tackle critical questions around national cybersecurity, emerging enterprise threats and strategies for organizations to improve their security outlook.
Malware and Phishing Remain Top Threats
Based on his vast experience, Crowell identifies two key cybersecurity trends that have emerged over the past 15 years: malware and phishing.
Malware is the most notable threat today thanks to the introduction of advanced persistent threats (APTs) that can compromise nonconnected networks and cause long-term damage to enterprise systems. Phishing, meanwhile, has emerged as a primary source of cyberattacks in this decade as threat actors increasingly leverage social engineering to exploit human nature.
Enterprises are also struggling with defense. Crowell notes that while solutions such as network segmentation are effective, they often lack full-enterprise adoption, thus limiting their impact.
Are Election Systems Safe?
Crowell is particularly concerned about emerging issues related to election systems, which are often managed by local governments and can be difficult to audit and evaluate. While implementing automation may help alleviate some cybersecurity concerns, Crowell notes that, in his experience, it’s “not possible to build completely secure systems.”
It’s not all bad news, however: Crowell mentions that open-source technology can help minimize election attack concerns.
Plugging the Skills Gap
Crowell also highlights the need for skilled staff, noting that increased reliance on complex government and private enterprise systems has helped fuel the IT skills shortage. To help alleviate this industrywide problem, Crowell suggests implementing four key technologies:
- Authentication — This important, but rarely deployed technology significantly reduces threat actor efficacy.
- Encryption — Critical to protect data in transit and at rest.
- Firewalls — Next-generation firewalls are necessary to address cloud issues.
- Malware protection — Real-time protection is required to address emerging threats.
Responding to Major IT Shifts
For Crowell, the most significant IT trend to date is the shift to cloud computing. Driven by economies of scale, evolving cloud infrastructure is often more secure than on-premises alternatives, but it requires a new approach to security. This includes encrypting data before it reaches the cloud using multicloud data encryption tools that both protect information before it leaves local servers and splits data into multiple segments to limit access risk. The goal is to decrease the attack surface and impede attackers’ efforts.
Crowell puts it simply: Breaches are harming the nation as enterprise, and personal privacy is compromised by increasingly sophisticated and agile attacks. Effective cybersecurity demands a combination of skilled professionals and key technologies to address emerging IT trends.
If you enjoyed listening, please consider rating the podcast or leaving your feedback on iTunes or wherever you listen.