We are excited to welcome Theresa Payton, one of the nation’s leading experts in cybersecurity and first female White House CIO, as our guest keynote at Evolution18. Don’t miss the chance to meet her in person at our annual conference, April 9-11, in San Francisco. It’s not too late to register and attend!
Before she takes center stage, we asked Theresa to share her thoughts on the state of the security space and how it has evolved since her time as White House CIO. In part two of our interview, Theresa talks about the investigation process, the risks of the move to the cloud and securing the digital transformation.
Code42: Why do cybersecurity investigations take so long? What steps can security teams take today to shorten them?
Theresa Payton: In Hollywood movies, a geek sits at a computer in the dark, and starts typing away at a keyboard. The geek looks at lists of files and computer code and then, “aha,” finds the evidence that’s needed. If only it worked that way. There are no magic programs that allow investigators to do their work. It’s a literal “whodunit” when there is an incident. Cybersecurity investigations are complex. Often you do not have a witness to talk to that saw the cybercriminal deposit the malware or break into the company. Cybercriminals may delete their tracks, making it hard to pinpoint what they actually stole and how.
One of the best things you can do is to have a plan in advance. Practice digital disasters and practice doing forensics. Set ground rules. Identify the tools you need to purchase and the training your team will need. Interview vendors and choose a vendor that you can work with if the forensics is too overwhelming to handle in house or if you want a second opinion.
C42: What are the risks facing companies as they embrace the move to the cloud?
TP: Think about the data that you and your customers are going to generate. Using cloud platforms can sometimes be a better option than managing your own servers.
You do need someone on your team worrying about the security configurations of your cloud instance. The cloud service providers do not do this for you. There remains no set-it-and-forget-it option when it comes to security.
C42: IT teams are tasked with moving the business forward by helping employees be more effective and embracing the mobile workforce. What advice do you have for security leaders embracing this digital transformation?
TP: No company is perfect. It’s not a technology issue. It’s a creativity issue and an issue of business risks. We have to really try to understand what risks we are willing to take, and which ones are non-negotiable business risks.
What you see in safer companies are the executives taking this very seriously. You often see a governance board, which could be different executives from around the company—so you may see C-suite members from marketing, customer service, legal, finance and risk.
Often, finance is assuming the role of getting that group together because finance is also thinking about the business strategy, business enablement and reducing business risk. Spending that time to talk upfront at the executive level about security as it relates to the organization’s most critical assets is vital to making sure that the issue actually permeates through the rest of the company.
A key item to remember about security is that in spite of following regulatory compliance checklists and compliance frameworks, bad things still happen. Following checklists didn’t stop WannaCry or Petya from spreading, HBO from getting hacked, or help Twitter, Netflix and Amazon during the scary hours of Friday, October 21, 2016, when we realized the Internet was slowing down and, in many cases, not available at all.
What was the cause of the slowdown of the Internet last year? Weaponized baby cams and other Internet of Things devices. It was on that fateful day that the Mirai Botnet attack hit Dyn. Dyn, a cloud-based Internet performance management company, was the target of a disruptive Distributed Denial of Service (DDoS) attack. The attack directed networked devices to route traffic at Dyn’s Domain Name Servers (DNS). As a result, Dyn could not respond to the flood of DNS requests and consumers could not reach web sites. It was the biggest, baddest DDoS attack ever… at least until the next time.
C42: Have Hollywood and the media done a good job of portraying cybersecurity and the threats we face? Any examples that have proven to be accurate/predictive?
TP: Our reality TV show, Hunted, did a good job portraying the challenges investigators face when chasing fugitives and the challenges the public faces based on how they live their digital lives. I believe Endemol Shine and CBS did a good job portraying how your digital tracks can betray you. The one thing you did not see were the hours and hours of our team digging and coming up with nothing. You just see the exciting parts. If you have not watched it, my mom says it’s her favorite show and you should trust my mom.
More about Theresa: A pioneering technology leader
Theresa Payton is one of the nation’s leading experts in cybersecurity and IT strategy. She is currently CEO of Fortalice Solutions, an industry-leading security consulting company; and co-founder of Dark Cubed, a cybersecurity product company.
Theresa began her career in financial services, and after executive roles at Bank of America and Wachovia, she served as the first female chief information officer at the White House, overseeing IT operations for President George W. Bush and his staff.