Content

Q&A with Michael Kaiser, NCSA

As National Cybersecurity Awareness Month drew to a close, SCMagazine.com caught up with Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA), to talk about just how far the industry has come over the past two years.

SC: Are we getting better at cybersecurity and getting both consumers and enterprise users to pay attention?

Kaiser: There have been a lot of changes over the years and people get better at it, then a new technology comes along and they have to learn all over again. It's challenging to make it easier for folks.

SC:  Enter the Internet of Things (IoT)…

Kaiser:  It brings new challenges and it's not just about the consumer. We're always connected, all the time.

SC: Does IoT open kind of a Pandora's Box for IT security?

Kaiser: Devices that start out [aimed at] consumers are then adopted by business. Some devices are long-term investments – your refrigerator is going to be in your home for a long time. But what about if it gets access to your corporate network? Then it can become part of the [enterprise's] problem. That's just more points of access for hackers to exploit.

SC: How do we reduce and mitigate the risk of IoT?

Kaiser:  It doesn't have to be overwhelming. Be thoughtful when you put in new technology. Don't just rush out and get the latest, greatest. Do your homework. Change passwords in devices like routers. You do it for other things, but you might not do it for routers.

SC:  But how do you get people, who are vulnerable to attack and the wildcard for security pros, to do their part?

Kaiser: We saw National Cybersecurity Awareness Month in October as an opportunity for people to recommit to being careful online, for growing internal awareness. We created a campaign, “Lockdown Your Login,” [as part of President Obama's CNAP mission] to encourage stronger authentication.

SC: Authentication often a hard-sell because people often see it as an obstacle.

Kaiser: Authentication is not monolithic, there are many ways to do it – tokens, biometrics, text messaging. It is to everyone's benefit to do it. We want organizations to learn to use the resources they already have toward authentication. The Yahoo breach certainly reminded people that passwords aren't enough.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.