Solving People Problems in Cybersecurity: Highlights from the NCSA and Nasdaq Cybersecurity Summit
Jun 19, 2017 7:35am
A good cyber defense requires an informed, resilient, diverse and nimble workforce, from the marketing and sales teams to IT and information security. Human error impacts our ability to defend ourselves and is a leading threat to organizations of all sizes and our global economy.
The National Cyber Security Alliance (NCSA) and Nasdaq recently partnered to host a data-driven, outside-the-box discussion about Americans’ cybersecurity knowledge base, how to minimize human error in the workplace and solutions for addressing the looming cyber-workforce crisis. The June 14 event was the third in the 2016-17 NCSA and Nasdaq Cybersecurity Summit series, taking place at the Nasdaq MarketSite in Times Square, New York City.
Attended by more than 100 industry, government and nonprofit executives, the event featured welcome remarks by Colleen Valentine, senior manager of information security governance and compliance at Nasdaq, and Bill O’Connell, chief business security officer at ADP and chairman of the NCSA Board of Directors.
Smith discussed Pew’s recent survey (March 2017) measuring the public’s online security knowledge – a 13-question quiz in which only 1 percent of respondents were able to answer all questions correctly. Public knowledge was fairly low on issues like encryption and privacy matters, what it means when location services are turned on or off and whether private browsing protects your browsing history from internet service providers.
“It’s less that they’re misinformed and more that they don’t know what the right answer is,” said Smith, encouraging awareness professionals to find ways to get the security message across to consumers in less challenging ways.
Newman discussed BI Intelligence’s research on smart devices, including the prediction that there will be approximately 22.5 billion connected gadgets by 2021, with the consumer portion making up about a third of that estimate. Newman discussed the trend toward device consolidation, with more interconnectivity, and the increase in popularity of smart home voice-enabled tech helpers like the Amazon Echo and Google Home.
“This is where we think the future is going to be,” said Newman, predicting that – while now we might ask a device to turn on the air conditioning when it’s hot at the moment – in the future, our devices might automate the home’s temperature, lighting and more based on our habits and preferences. He discussed the potential “creepy” side of these devices, with their continuous data collection, and emphasized that the growing number of smart devices in the home means it’s more important than ever to have strong cybersecurity practices.
“The problem with security is the human element, but the solution rests in keeping in mind our humanity,” said Conway, who discussed the benefits of both positive reinforcement and a flexible architecture to allow for growth in security innovation. The panelists also emphasized the need to build security in whenever possible in order to not put the entire burden on human users. Blau argued for incentivizing smart security behavior outside the workplace as a way to further protect organizations’ systems.
Priya Mohabir, vice president of youth development at the New York Hall of Science, then gave a TED-style talk on the organization’s efforts to teach young people about STEM and get them excited about cybersecurity and related career fields. She then participated in a panel discussion moderated by NCSA Executive Director Michael Kaiser with Tim Herbert, senior vice president of research and market intelligence at CompTIA, and Amadeus Stevenson, chief technology officer at Decoded North America. The panelists discussed the challenges in filling the cybersecurity workforce gaps, with a growing number of cybersecurity jobs and a shortage of skilled employees in these positions, and strategies for addressing this looming workforce crisis.
Kaiser spoke about Raytheon and NCSA’s work over the past several years to survey millennials about cybersecurity careers and measure their awareness of and interest in this field, highlighting the challenges in clarifying what cybersecurity careers entail and the skills needed for these jobs. Mohabir and Stevenson highlighted the importance of making cybersecurity fun so that individuals are drawn to these careers from earlier ages. To fill existing workforce gaps, the panelists recommended being creative: pulling employees with applicable skills, like problem solving and technology expertise, from different areas of the organization and training them to work in these positions.
Mohabir argued for recruiting “from an expanded pipeline” and exposing students ‒ and/or colleagues from different fields ‒ to cybersecurity career possibilities so they can plan to enter into these careers. Stevenson emphasized telling “the human story” of cybersecurity to the public, portraying the skills needed and the challenging, interesting world of the profession, to generate interest in this type of work.
Following the panels, Neil Daswani – chief information security officer of the consumer business unit for Symantec – gave a brief talk entitled “Tell Me Something I Don’t Know.” Daswani spotlighted the safety norm of seatbelts and compared their adoption and importance to those of security best practices like regularly patching software and recognizing the signs of phishing. “Attacks only get better,” he said, and “many seatbelts can be employed,” emphasizing the need for internet users to understand the basics of online scams and threats to protect themselves online.
Eleven reporters attended the event, conducting interviews with speakers and event partners.
Thank you to everyone who participated in this summit and helped make it a resounding success. Check out the #CyberAware hashtag for more social media highlights and privacy tips.