A link between yoga mats and infertility was implied through a Harvard study that evaluated flame retardant exposure in women at a fertility clinic in Boston. These toxins can be absorbed both through the air and by touch. While yoga may not be your thing anyway, cyber threats are computer toxins that affect everyone.
When people talk about protecting their bank's information, they usually talk about technology--firewalls and secure software and encryption and the like. But according to Alex Stamos, one of the most prominent chief information security officers in the high-tech industry, enterprises should be focusing more on the "human" aspect of information security. Since cyber security is mission critical to banking, we thought we would highlight some of the important takeaways from Facebook Chief Security Officer Stamos' speech at the digital security conference, Black Hat USA, in late July.
Stamos told a rapt, stadium-size audience of information security professionals that they need to refocus on making "security work for everyone." As corporate breaches and the digital security needed to prevent them become more mainstream, Stamos says that all companies (including banks) must dig deeper into why these attacks are still so successful and seek to find ways to include non-InfoSec personnel in developing solutions. For community banks, the best way to do this is to stay in regular touch with the cyber industry, through newsletters, chat groups and the top conferences.
While complex attacks attract a lot of attention, Stamos points out that CSOs and their business leader partners must look at potential vulnerabilities and points of attack that are not as advanced--because money-hungry adversaries will always look for the shortest and easiest path to their goal. This is a good reminder to pass on to your IT group.
Stamos also mentioned in his speech that these cybersecurity issues throughout various business sectors have "definite practical, economic and societal impact." And arguably, even community banks are feeling the heat; you may find your bank increasingly in the crosshairs of individual hackers and cyber-crime rings hoping to make a big win by sneaking in through your community bank system. As a result, he suggested that enterprises take a more defensive stance by plugging vulnerabilities and staying on top of "zero-day problems" (software bugs that are as yet unknown to the vendor) immediately, through internal or external help.
Lastly, Stamos underscored that InfoSec professionals need to be less perfectionist and more inclusive in their approach to inculcating a sense of digital security across their enterprise. He highlighted the need to work together with the very people who are sometimes seen as the cause of cyber issues instead of "shifting the responsibility of security to the people we are trying to protect." He further noted that digital security teams must make security more accessible to all corporate users--moving away from the long-held ideals of 'security by obscurity' and from trying to create 'perfect' security solutions to everyday problems.
Although this may have been a little "techy" this early in the morning, we hope that we have given you a little cyber industry insight for the day and haven't bent you too much out of shape.