The director of National Security has named cybersecurity a top threat to the country for the last three years, and because of California’s size and economy, it's a big target. With this introduction, state IT leaders met Thursday for a vendor-sponsored cybersecurity education panel, called Sacramento Security Day. These are the top five things to know from that meeting.
Takeaways
1. Multiple authentication — Amazon and Google have begun using this technique to help secure accounts. A similar system has been set up with debit cards requiring chips and PINs. As more threats include the scraping of credentials, finding some other way to identify a user as being legitimate is important. However, it's a hard balance between requiring secondary authentication and inconveniencing users, warned Brad Evans of Okta, a provider of identity management solutions.2. Seeing the system before an attack — Knowing what devices are connected to the network, seeing into the “bowels of the network,” and analyzing the data collected about what information enters and leaves the system is critical, said Jai Balasubramaniyan, director of security device management at Gigamon. Understanding what constitutes a critical system and where threats such as ransomware can enter the system is important.
3. Minimizing the time frame — Seeing the data moving through the system, and having a plan for where each communication is filtered through — and through which security tool — can help pinpoint a threat before it does damage. Shortening the timeline between a threat entering the network and catching the threat offers an option to neutralize the threat before data is exported.
4. Working together — Some malicious hackers are lone actors, but many work in groups. Communicating between agencies and educating users can help minimize risk. Front-line employees can keep themselves educated and CalOES can help educate at the higher levels.
“We’re fighting this together, one team, one fight,” Owen said. Working at the IT and user level, coupled with talking to executives and asking the Legislature for assistance, could create a more holistic approach.
5. Recovery plan — Knowing what will happen once an attack has taken place is important. Having backups for the network so the affected area can be quarantined or shut down is critical to continuing business as normal. Having an emergency plan in place about what will happen with customers could save money and reduce negative impacts. A communications plan is also important so each department knows how to respond, including the department’s executives. One spokesperson and a short timeline of informing the public can minimize reputation damage.
“Nobody is going unscathed here. … If folks aren’t prepared, it can be very disastrous,” said Keith Tresh, commander of the California Cybersecurity Integration Center (Cal-CSIC) at CalOES. “The collective brain is better than one of us.”
