No cybersecurity defense is impenetrable, and you can’t afford to protect all assets equally, says cybersecurity expert Theresa Payton.
Instead, credit unions and other organizations must develop specific protection strategies centering on their most valuable and vulnerable assets, advises Payton, who served as the White House’s chief information officer from 2006 to 2008 under President George W. Bush.
“You don’t have enough money and time to fix everything,” she tells BizWomen, “so you have to focus on where to spend the time and the resources on fighting the bad guys.”
Payton, who spent 15 years fighting fraud and minimizing risk in banking prior to her tenure at the White House, will address CUNA Tech/OpSS Council Conference attendees in her Wednesday keynote address, “Combating Cybercrime in the Financial Service Industry.”
The founder and current president/CEO of two cybersecurity firms (Fortalice and Dark Cubed), Payton will discuss how and why the financial services industry’s heavy investment in cybersecurity hasn’t eliminated attacks and breaches—and she’ll offer solutions for how credit unions can better secure their assets.
That starts by changing the paradigm around which most organizations create cybersecurity strategies.
“Our security culture… currently says, ‘Build this big moat, with antivirus, antimalware, and intrusion detection,’” Payton tells BizWomen. “Executives hit a saturation level and, in their mind, they’re done. But all they did was create rings, so if people can get in, they can take everything.
“Instead, we have to focus around specific protection strategies,” Payton continues. “Where is your data stored? Does vendor access create a weak link? If the data is sold or posted on the web or on the front page, would it put you out of business? Companies need strategies around those assets.”
But that’s just part of the puzzle, according to Payton, the co-author of two cybersecurity books, including the 2014 release “Privacy in the Age of Big Data,” and one of Security Magazine’s Top 25 Most Influential People in Security.
Despite their good intentions, private organizations and government agencies must realize the weighty responsibility for maintaining databases filled with consumers’ information—and ask hard questions about why and how long they store that information, Payton said in a January 2014 appearance on “The Daily Show with Jon Stewart.”
“Corporate thinks they’re doing it to help you, to give you a better experience, a better product. The government thinks they’re doing it to help you, to give you better security, to protect you,” Payton says. “The cybercriminals just want [to access] the data because they want your identity, they want your life, they want to be able to take over your information.
“I think we can all band together and say, let’s not collect and store data indefinitely,” she adds. “Let’s think differently about what we collect and how we use it.”