Theresa Payton has enjoyed a unique and up-close view of how information and cybersecurity tools and techniques have attempted to keep pace with a constantly changing threat environment. As White House chief information officer from 2006-2008, Payton witnessed the dawn of the smartphone and social media era.
“Working at the White House was truly like no other experience I’ve had – it was thrilling and ever-changing,” Payton said in a pre-conference interview. “The nature of the work is one thing, but when you add to it the fast pace with the rapid advances in technology during my tenure, it made supporting the mission of the White House exciting and challenging, to say the least! We were laying the groundwork for today’s cybersecurity.”
Since then, Payton has continued to build upon those initial security efforts, serving as an expert for enterprises and practitioners working to stay ahead of and defeat the latest threats, which are quite different from only a few years ago.
“Cyber-criminals have been active since technology has existed, but it’s the pervasiveness and creativeness of cyber-criminals that differs today,” she said. “Anyone with a laptop and $20 can buy a ransomware kit on the dark web, so access to malicious tools and the ability to learn how to use them has never been so easy.”
As cyber-criminals’ tactics are evolving, information and cybersecurity tools, techniques and approaches need to keep pace.
“Cybersecurity professionals need to know as much as they possibly can about cybersecurity, and I highly recommend that they stay a constant student of their profession,” Payton said. “We are seeing more and more cyber-professionals have responsibility for the business side of security, not just the technical side of the matter. I’d encourage all cyber-professionals to know the strategic business priorities of their organization and how security relates to those priorities.”
However, enterprises can’t afford to do it all when it comes to security.
“The reality is that business execs can’t outspend the issue,” she said. “With today’s threats, it’s WHEN not IF – and they must be prepared. Cybersecurity no longer is something that can exist in a vacuum. It must be elevated to the board level and given a seat at the table.
“Several years ago, cybersecurity was seen as only a technical issue, and while that’s still true, cybersecurity is, more than anything, a brand issue,” Payton argued. “Cyber-professionals must acknowledge the significant implications an adverse event can have on a company’s reputation and do everything in their power to balance implementing technologies and to create interoperability while also fending off cyber-criminals. Companies can face extreme backlash and brand reputation issues if they mishandle a breach. Conversely, companies that handle a breach well can not only rebound, but grow.”
For Payton, the threats for 2019 and beyond will come from two primary sources: nation-states as well as criminal and hacktivist groups.
“The disturbing trend of an increasing number of nation-states with more advanced cybersecurity capabilities continues to threaten destabilization across the globe from a national security and economic security perspective,” she said. “However, there is also an increased ability for a relatively unsophisticated threat actor to be successful within the cyber-domain.
“The reason for this is two-fold. First, the increasing availability of automated hacking tools in the public domain provides the ability for individuals or groups of individuals with a basic set of skills, or just financial means to buy their way in, to achieve success. Second, the increasing availability of elastic computing infrastructure provides attackers with the ability to design and deploy relatively sophisticated attack infrastructures with ease.”
Former White House CIO and Cybersecurity Authority Theresa Payton will be sharing expert insight and professional anecdotes at the Infosecurity ISACA North America Expo & Conference, November 20-21 in New York, NY.
To help enterprises and security professionals be prepared, the Infosecurity ISACA North America Expo and Conference 2019 offers a track of learning sessions focusing on “Emerging Tools and Techniques” – register now!