Cyber:Secured Forum Stresses Collaboration to Attain True Cybersecurity
Achieving its goal to connect disparate groups within the security industry ecosystem, organizers of the first-ever Cyber:Secured Forum laid the foundation for empowering stakeholders with tools and knowledge for cyber hardening integrated solutions.
DENVER — Perhaps the overriding takeaway from the inaugural Cyber:Secured Forum can be summed up thus: It takes a village.
Held here June 4-6, the event imparted cybersecurity trends and best practices in the context of designing and installing secure physical security systems, among other integrated solutions. But that can’t happen with any hope for cyber success without buy-in and intimate participation from the raft of stakeholders that have a hand in these systems.
Creating a more responsible security ecosystem — amid an increasingly perilous threat landscape — demands collaboration and harmony among the once all-too-often siloed integrator, manufacturer, IT department and C-suite, among others, not least the end user and its crew of employees.
It all can seem so daunting. Consider the assemblage of technologies, processes and practices necessary to protect networks, computers, software programs and highly sensitive data from infiltration, damage or unauthorized access.
The people and businesses behind these security and IT systems must interact and coexist for any chance at flourishing in a safe, liability-protected environment. These multifaceted stakeholders were well represented in a series of panel sessions throughout the Cyber:Secured Forum, which was produced under a partnership formed by PSA Security Network, the Security Industry Association (SIA) and ISC Security Events.
With roughly 250 security and IT professionals in attendance, panel session topics focused on global cyber-crime trends, the NIST cyber-physical framework, how to make a business cyber resilient, cyber-hardening physical security systems and much more.
Bill Bozeman, president and CEO of PSA Security Network, delivered opening remarks to a packed ballroom at the start of the first full day of the event. He wasted no time congratulating members of the integrator cooperative and other security providers in attendance for making the investment in time and resources to be there.
“You are the smart ones,” he said, expressing that a commitment to cybersecurity will be necessary to compete and succeed in the coming years. For security providers unwilling to evolve with the marketplace, Bozeman, who is possibly the industry’s earliest cybersecurity evangelist, bluntly stated those “who don’t adapt, don’t exist anymore.”
With that, a rather intensive roster of panel sessions unfolded over the next day and a half. What follows is an overview of just some of the topics and takeaways gleaned throughout the event.
Cyber:Secured Forum Tidbits & Takeaways
Law enforcement, of course, assumes a vital place in the village. Judy Smith, cybercrime and national security section chief, United States Attorney’s Office, District of Colorado, presented a keynote titled “The World of Cybercrime.”
She delivered sobering information on how Internet-based crimes are increasing in complexity and number, and how federal agencies across the nation are reacting and retooling to combat them. Think you’re safe from being hit by ransomware? Get real. For $20 anybody can go on the dark web, purchase a ransomware package and soon be in business.
Among cyber incident best practices for prevention and planning, Smith advised regularly practicing your plan. This includes designating a cyber incident and response team; prioritizing protection; planning to preserve data; and planning to notify law enforcement and victims. Also important is engaging with agencies such as InfraGard, FBI cyber task forces and the USSS Electronic Crimes Task Force.
Ray Coulombe, founder and managing director of SecuritySpecifiers, moderated a panel titled “Harnessing Cyber-Physical Security Technologies.” He was joined by Jeff Crume (IBM), Donal Keating (Microsoft) and Matthew Rosenquist (Intel). The group discussed how the IoT, blockchain and AI can be expected to disrupt the security of cyber-physical systems.
To pull one needle out of the haystack of material discussed in this panel, read up on blockchain. “There is no industry that blockchain won’t have an impact in a positive way,” Rosenquist said.
A vendor panel session titled “Being a Cyber Responsible Partner” featured David Brent (Bosch Security Systems), Jake Cmarada (Dahua Technology) and Mike Sherwood (Milestone Systems). Rob Sloan, cybersecurity research director of The Wall Street Journal, served as moderator. A quick sound bite: The panelists were unanimous that the industry is “behind” and “in its infancy” where cybersecurity is concerned. Still, they project the industry will have made great strides by this time next year.
Terry Gold, a principal analyst of D6 Research, presented a session titled “A Call for a More Responsible Security Industry.” He stressed the industry urgently needs to take collective cybersecurity action to preserve the confidence of its end customers and partners.
Gold said research shows that currently only 5% of end users are fully aware and concerned about cybersecurity. Integrators take note. That percentage can be expected to rise, and it will fall to you to meet your clients’ expectations as a service provider and subject matter expert.
Also, don’t confuse “compliance” with “security.” Gold said regulations, such as HIPAA, are not a testament to security. What you need is governance based on specific controls, processes and environment.
Pamela Passman, CEO of CREATe Compliance, urged attendees to become very familiar with the NIST Cybersecurity Framework, a voluntary framework that consists of standards, guidelines and best practices to manage cybersecurity-related risk. Also, consider the broader value chain. Put controls in place to protect the confidential information of your end customers, and determine whether your third-party vendors have the capacity to protect your sensitive data.
Randall Frietzsche, chief information security officer for Denver Health, provided perspective on the strategies and practices that CISOs look to apply when working with third-party vendors. Some of his nuts-and-bolts advice for integrators included the need for ensuring default passwords get changed on installed security devices, as well as confirming firmware updates as part of due diligence.
If integrators can show end customers they have performed cybersecurity due diligence, and demonstrated their systems are cyber secured, “then you are at a competitive advantage,” Frietzsche said.
John Savarese, senior cybersecurity advisor for UL, discussed a standards-based approach for testable cybersecurity criteria during his presentation on the final day. Product development in today’s threat landscape demands “a holistic approach,” he commented, while citing research that forecasts 30 billion connected devices by 2020.
Among other fundamental corrective actions to mitigate data intrusions, Savarese said to limit remote access, understand attack vectors, and design and install isolated networks.
If you missed this year’s inaugural event, keep watch on the Cyber:Secured Forum website for information about a second annual installment being planned for 2019.