In 2017, data breaches impacted all sectors across the board. The industry witnessed the effects of ransomware like WannaCry and NotPetya, and major breaches at Equifax and now Uber. From retail to entertainment and beyond, no organization is safe, and companies are struggling to keep corporate data and personally identifiable information out of the hands of motivated, malicious and extremely crafty hackers.
How can organizations keep precious information secure? Cybersecurity experts and other industry leaders have differing opinions on the level of threats and how best to prevent them. We’re also all impacted by how the media covers the many breaches that become public and the perception of the threats that organizations face. Cybersecurity PR has a role in informing and educating.
With these issues and the most recent data breaches top of mind, the Boston lorries headed to the Cyber Security Summit, Boston to understand how the industry’s thought leaders were addressing the proliferation of data breaches. Most, if not all, experts at the show could agree on some basics: the amount of information being leaked is a growing issue, the amount of data organizations are responsible for is increasing exponentially, and something needs to be done to get a handle on the problem – fast.
Despite the consensus on the overriding cybersecurity concerns enterprises need to address, not all the conference experts agreed on where time and resources should be spent, where companies were dropping the ball, and what IT security teams should do next.
Are hackers really getting more sophisticated?
Again and again, we’ve seen reports stating that hackers are becoming more sophisticated and aggressive. However, Sean O’Brien, president of Risk Technologies didn’t believe that’s actually the case. While he agreed companies have too much data to manage, he argued companies should still be able to manage their cyber risk by using data they have to forecast future cyberattacks. Justin Flier, director of cyber defense at DarkTrace, concurred with O’Brien, citing the Paradise Papers, (where 4.6 GB of data was exfiltrated per day unnoticed) as an example of a cybersecurity shortcoming. Flier argued that companies who can’t catch large volumes of information leaving their networks and who fall victim to simple ransomware attacks today surely can’t stop hackers using artificial intelligence (AI) and machine learning tactics tomorrow.
Increased cyberattacks – an issue with time, money, and resources?
While the morning speakers argued that enterprises haven’t yet been faced with the worst of the worst of cybercriminals, the afternoon panels shared a different perspective. Paul Fletcher, cybersecurity evangelist at Alert Logic, noted that companies are struggling to hire and retain qualified staff to sift through alert data, and apply the appropriate correlation rules and behavioral analytics to automate incident response. So, instead of claiming companies weren’t being attentive to detail, he argued that organizations simply don’t have the time, money, staff, and resources to keep up.
Seeing these conflicting messages play out through keynotes and panels was interesting. In 2018, we’ll have to see if PR teams can help communicate insights from industry thought leaders more effectively through earned media, blogs, and digital channels. Currently the media is flooded with competing messages, each trying to impact how IT security teams should perceive cyber threats to their organizations. Those who can succinctly share their expertise, services, and solutions to the issues facing the industry through effective cybersecurity PR will end up on top. Either way, we can all hope enterprises get a handle on their cybersecurity programs, regardless of their specific message.