“Everyone in this room has been breached or will be at some point.” While cyber-attacks and data breaches were key topics—and key concerns—at the first annual Cybersecurity Education Summit in Bend, Ore., there was also ample discussion around how to protect companies big and small, available cybersecurity and networking resources, current cyber threats, and a “we’re-all-in-this-cybersecurity-thing-together” mentality. The summit was well attended by information technology (IT) security professionals in regional businesses and organizations of all types, representing a cross-section of interest from banking, healthcare, point-of-sale, local government, education, and technology.
Each sector had the same question: What can we do to protect our company, our customers, and our assets from the growing cyber threat?
Protecting sensitive information is critical if we want to stay in business…and thrive. According to the National Cybersecurity Alliance, half of all cyber-attacks target small businesses. The Summit covered security standards, regulations, coalitions, resources, procedures, best practices—it was a day to learn from experts, and learn from each other, with examples shared and discussed.
Some of the attendees may have been surprised to learn that their own employees could be one of the greatest sources of cybersecurity problems, with cyber criminals using social engineering techniques to break through defenses and into businesses. Employee cybersecurity training was a hot topic. One point of view was to encourage employee openness so they will come to IT if there are problems – even if they were the ones making the mistake, such as accidentally clicking on a spoofed email attachment (which happens more than we want to admit). Vendors we do business with also pose risks, especially if they have network access. One speaker suggested having the people you do business with follow the same security procedures you do, to ensure you have a similar security mindset.
Key presenters and topics included:
- Cybersecurity research, cyber health, and promoting cyber hygiene
Rebecca Craven, MPA, Center for Public Service (CPS) at Portland State University and Jess Daly, MPP, CPS at Portland State University
- Building blocks of an information security program
Leslie Golden, CISSP, president, Instill Security
- How to be PCI compliant
Tyler Hardison, CISSP, PCI QSA, director of solutions and innovation, Redhawk Network Security
- The hidden element of cybersecurity: the human element
Lewis Howell, CISSP, CEO, Hueya, Inc.
- Overview of cybersecurity in Oregon and NW Cyber Camps, a summer camp for teens to learn Charlie Kawasaki, CISSP, principal, Software Diligence Services, LLC
- When vendor vulnerabilities become your own
Clara Tsao, Entrepreneur and White House Presidential Innovation Fellow
- Resources and support available from the Department of Homeland Security
Ronald D. Watters Jr., M.ED ESLC Cyber Security Advisor, Region X, Office of Cybersecurity and Communications, United States Department of Homeland Security
We were honored to host the first annual Cybersecurity Education Summit along with Technology Association of Oregon. While the Cybersecurity Education Summit day came to a close, just as the first snowflakes appeared in Bend, the discussions will continue. Cybersecurity is a daily focus for many of us, as we are steeped in security and we all want to do the right thing. We are in this together, throughout our state and beyond. Stay tuned!