Cyber Security Tips From a White House CIO

On October 21, 2016, a digital disaster occurred across the globe. Online users were barred from popular sites such as Twitter, Netflix and others, all because of the Internet of Things.

According to wccbcharlotte.com, hackers were able to flood these popular sites with so much traffic through the IoT that the sites simply couldn’t handle it, and were forced to shut down.

If a hack like this can happen once, it most certainly can happen again (and already has), so how can you protect your business and the solutions you provide your clients from getting hacked?

Tip 1: Best Practices Don’t Work

“Best practices were the worst thing that happened to cyber security,” said Theresa Payton, former chief information officer of the White House and founder and CEO of Fortalice Solutions, a Charlotte-based cyber security firm, at the 2017 PSNI Super Summit in Dallas, Texas. “Checklists don’t stop bad things from happening.”

While checklists and best practices have been implemented in tech departments and companies across the globe, they haven’t actually protected companies from cyber threats.

“We always talk about reducing risk, but things have actually gotten worse,” said Payton. “You have to ask yourself, since we’ve now had three attacks using the IoT, will you be ready?”

Tip 2: Implement Lessons that Will Make a Difference

Payton offered the following tips for protecting your company and your clients’ data.

1. What data and network information matters most? You cannot protect it all and you cannot treat every digital asset you have as the same, so companies must decide what is top priority when it comes to protecting their digital assets.
2. Identify your “POTUS” and “VP” assets. The President and Vice President are the White House’s top priorities when it comes to protecting the government. Make sure you know what assets and information represent your “POTUS” and “VP.”
3. Practice digital disaster. What if the worst happens? Replay the attack of Oct 21 and assume it was your devices attacked. Implement your digital disaster strategy, see how it works and make adjustments where necessary.

Tip 3: Use the White House Strategies As a Guide

Payton shared the top four actions taken at the White House to protect their network and data.

1. Admit all security is defeatable.  Payton said to think about storing your data differently, such as what you would do with your jewelry when you go away for vacation. You might hide it in a safe or drawer. Do the same with you data and store it in places that may be more protected from hacking than others.
2. Understand adversarial targeting. “Who would want to steal my data? Who would want to embarrass me and make my life miserable?” asked Payton. Companies need to identify who would want to get access to their data. Once that person is identified, Payton said companies should create a profile of them and share that profile with their security teams. “Go to your security team and have them act as if they are your company’s adversary.” Payton advised to not disrupt operations, but to try out this tactic to see how prepared your company really is for a cyber attack.
3. Be on the offensive. “This is vital with the IoT,” said Payton. “If a device is behaving badly, (Wi-Fi is connecting weirdly, etc.) [the White House] has permission to ‘kill first, ask questions later.’ Get that permission.” Payton warned, however, that companies need to be careful in doing this, as “it could make you wildly unpopular with your customers and executives. But it’s the difference between someone probing you and someone breaching you.”
4. Plan ahead. Don’t wait for an attack to happen to implement a plan. Develop a plan as to how your company would respond to a digital disaster and regularly rehearse that plan.

This article was originally posted on sister site Commercial Integrator.

If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!