As National Cybersecurity Awareness Month drew to a close, SCMagazine.com caught up with Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA), to talk about just how far the industry has come over the past two years.
SC: Are we getting better at cybersecurity and getting both consumers and enterprise users to pay attention?
Kaiser: There have been a lot of changes over the years and people get better at it, then a new technology comes along and they have to learn all over again. It's challenging to make it easier for folks.
SC: Enter the Internet of Things (IoT)…
Kaiser: It brings new challenges and it's not just about the consumer. We're always connected, all the time.
SC: Does IoT open kind of a Pandora's Box for IT security?
Kaiser: Devices that start out [aimed at] consumers are then adopted by business. Some devices are long-term investments – your refrigerator is going to be in your home for a long time. But what about if it gets access to your corporate network? Then it can become part of the [enterprise's] problem. That's just more points of access for hackers to exploit.
SC: How do we reduce and mitigate the risk of IoT?
Kaiser: It doesn't have to be overwhelming. Be thoughtful when you put in new technology. Don't just rush out and get the latest, greatest. Do your homework. Change passwords in devices like routers. You do it for other things, but you might not do it for routers.
SC: But how do you get people, who are vulnerable to attack and the wildcard for security pros, to do their part?
Kaiser: We saw National Cybersecurity Awareness Month in October as an opportunity for people to recommit to being careful online, for growing internal awareness. We created a campaign, “Lockdown Your Login,” [as part of President Obama's CNAP mission] to encourage stronger authentication.
SC: Authentication is often a hard sell because people often see it as an obstacle.
Kaiser: Authentication is not monolithic; there are many ways to do it – tokens, biometrics, text messaging. It is to everyone's benefit to do it. We want organizations to learn to use the resources they already have toward authentication. The Yahoo breach certainly reminded people that passwords aren't enough.