Panel: Top-level support crucial for security

Well-informed, proactive oversight by senior management is crucial for organizations to effectively prevent cyberattacks, a panel of cybersecurity experts said yesterday.

“The best [vulnerability] management technique is top-level buy-in,” said Michael Wiser, vice president of product development at Citadel Security Software, speaking at a conference the company sponsored in Washington, D.C.

Executive support is especially important in larger organizations, which have more division and tension between senior management and information technology divisions, Wiser said.

Tracking all attacks and their costs can help IT personnel justify funding for more resources, Wiser said.

Top management must look at trend analysis and make their security efforts more proactive, direct and actionable, said Mitchell Rambler, vice president and general manager of military operations at BAE Systems IT.

Organizations must have systematic, automated vulnerability-management tools and ways to quickly quarantine attacks, Rambler said. More importantly, executives must write effective policies and empower people to enforce them, he said.

Corporate governance must ensure that an organization’s IT assets are protected and don’t just meet regulatory minimums, Wiser said.

A lot of attacks occur because of improperly configured devices, Wiser said. Patching covers only 25 percent of security regulations, and the number of cyberattacks is increasing, he said.

“This is a key factor in vulnerability management: The bad guys are getting better,” Wiser said.

Organizations have to integrate security and privacy into their risk-mitigation operations, said Robert Dix, Citadel’s vice president of government affairs and corporate development.

Requiring that devices comply with network security policies before they can access the network is a good first step, Dix said. Demonstrating that their systems are secure will be a significant business driver for all companies, he said.

Executives still don’t understand technology, Wiser said. They want a report stating that their staff have vanquished vulnerabilities -- or even better, that the organization was never vulnerable at all, he said.

A lot of companies used to hide behind the “security through obscurity” mantra, said Lawrence Orans, research director of communications enterprise solutions at Gartner. Now people realize they can lose their jobs – and their lives – because of a breach, he said.

Government mandates and regulations are pushing more organizations to take cybersecurity seriously, but many companies still “have to be hit by a two-by-four before [they] react,” said Steven Solomon, Citadel’s chairman and chief executive officer.
