We've all heard how IoT technologies have caused, and will continue to cause, massive challenges to the execution and maintenance of security controls for organizations. How can security teams implement plans and policies to address the security vulnerabilities wrought by IoT-related technologies being leveraged in their organization’s buildings, products and more?
At RiskSec 2019, gain a more comprehensive view of your company's risk posture when it comes to current and future IoT developments with speaker Angelo Longo, CISO at Resorts Casino Hotel. The following is a Q&A with Longo:
SC: Let’s talk ransomware. Hotels and casinos have been obvious – and profitable – targets for ransomware. Why does ransomware continue to be a persistent problem? What steps have you taken to thwart and/or mitigate ransomware attacks?
Angelo Longo: Ransomware is always a concern. Ransomware really comes down to user education. User education comes down to the programs I put in place to get my colleagues to listen, be a little paranoid and NOT click on the link. Sure, anti-malicious software tools help, but the users are always the conduits of exploitation about which I am most worried. Backups of data are a good recovery methodology, but did you test the backups? Are they viable? More gray hair.
SC: Casinos and hotels are known for their physical and cybersecurity efforts. How do the two intersect and how do the professionals in each discipline work together to effectively address the needs of each?
Angelo Longo: They are very distinct. Regulations call for separation of duties, and thus security is split into focused groups. We do interact and collaborate, but we each focus on our patch.
SC: What are your cybersecurity priorities in the coming year? What obstacles did you have to overcome to ensure you received the resources, budget and buy-in you needed to meet those priorities?
Angelo Longo: I am focusing on data correlation. I have many data points that I need to take into account, each having their own set of idiosyncrasies. Managed deception is also an interesting technology that I am investigating. Further, GRC/IRM is important for regulatory reasons.
SC: We hear a lot about how AI and machine learning will affect security – how either can help or hinder your cybersecurity efforts. Are there any other technologies or issues that are of concern to you going forward?
Angelo Longo: I believe AI can be effective on both sides of the cybersecurity equation. Any tool that could be used for good can probably be used for evil. Given that, what effects could come from an AI? AI gaming? AI pen testing? AI social engineering? AI data correlation and analysis? All of these could be great or catastrophic. Caution is needed now, and reliance might come later. AI is both alluring and scary.