Earlier this year, local tech enthusiasts in the Washington DC area congregated at 1776’s downtown location for Tech in Motion’s panel discussion: Cybersecurity And Its Growing Role.
The featured panelists included Anup Ghosh (Invincea), Tom Parker (FusionX), Jason Rivera (Deloitte) and Josh Marpet (BiJoTi), with moderation by Bob Stratton, General Partner of MACH37, a Northern Virginia based cyber accelerator.
Before the panel took the stage, sponsor companies Jobspring Partners and Workbridge Associates thanked everyone for coming and offered to help with any job or talent search. Looking for a new role? Check out open tech positions here.
The discussion kicked off with a look at the cybersecurity industry as a whole. As with any industry, there are notable pros and cons. Anup took the lead by stating that “security problems are not new,” which rings true as we continue to see an ever increasing amount of cybersecurity-related headlines in the media. The most common of these relate to cybercrime and attacks on high profile companies.
“In the last decade, we’ve seen the professionalization of the cyber adversary,” Tom addressed this growing trend in the marketplace.
Jason reinforced this with his point that “Cybercrime is the most profitable illicit business on earth; it is a trillion dollar business.”
This growing trend of cybercrime makes for an increasingly profitable industry as more companies look to reinforce their security measures. However, Anup noted that cybersecurity companies aren’t looking to reverse this trend, “We’re doing a really good job of making a lot of money in the cybersecurity industry but not fixing a whole lot.”
The industry places a larger emphasis on attack detection versus prevention when in fact the opposite is ultimately what is needed to reverse the progression.
In combatting the rapidly increasing presence of cybercrime, the panelists discussed the importance of educating the masses in general best practices. Josh explained, “To bridge the gap between the knowledge and deployment of cybersecurity practices, you must educate the people.”
Anup further addressed the responsibility gap when it comes to protecting company data: “Can’t blame users for bad things happening on sites; [companies] need to give them the right equipment to do their job.”
Heading into 2015, the cybersecurity industry was at the forefront of national headlines after the data breaches on major corporations such as Target, Sony, and Anthem. As the panelists attested, large corporations are now taking extra precautions to ensure that their network is safe from attackers.
Josh prefaced this topic with a shocking statistic: “In the past year, there have been more records breached than the number of American citizens.”
So where do large companies fall short? “Companies that tend to fail and are breached are those that cannot conceive of themselves being a target," Jason answered. "The ones that succeed are the ones that are proactive and acknowledge the internet is a part of their business.”
The panelists continued to discuss where the cybersecurity industry fits into the current breach landscape and how it can proactively respond to breaches. In Anup's opinion, “We should focus on prioritizing detection, that’s how we’re going to change this breaching trend.” Jason added, “Cybersecurity is reactive-- what if we were more proactive and made breaches more challenging as well as less profitable?” The speakers all agreed that these breaches have essentially become expected among most in the security industry.
Tom firmly stated, “Unfortunately, it’s going to take more breaches and larger corporations going out of business to make others understand this threat can happen to anyone.” In the meantime, he said, “Businesses should practice ‘good hygiene' ” and spend money wisely on the appropriate preventative security measures for their network. This includes having your network checked regularly, as well as operating under the assumption that “there are already hackers in it,” according to Josh.
The discussion then transitioned into the panelists exploring both sides of the debate on encryption. Anup started off saying, “With encryption, you have to have reasonable expectations of what it can and cannot do.”
Our panelists all agreed that the value of encrypting company files lies in increased difficulty for hackers looking to access that data. However, it’s important to be realistic in ones expectations; encryption is not the only defense necessary when facing hackers.
When the topic of surveillance emerged later in the discussion, Anup stated that “Encryption leads into a debate about a larger issue of surveillance." It seems that encryption is almost a double-edged sword: able to bring increased security to one’s network, but not without the risk of increased surveillance.
To bring the evening to a close, Bob opened the floor to the audience for questions. The 30-minute session for questions ranged from tips on the best way for customers to protect themselves against corporate breaches to the panelists’ ideas on how to bridge the knowledge gap within the cybersecurity industry. The questions and audience engagement really drove home the concept that cybersecurity is definitely applicable to everyone.
If you’d like to connect with meetups like this, join the Tech in Motion DC Meetup group for the latest event announcements.