How to Secure the New Frontiers of Cybersecurity
June 3, 2016
The FTC continues its push into the new frontiers of cybersecurity with its fourth “Start with Security” event.
Coming shortly on the heels of its partnership with the FCC to investigate the security parameters of mobile devices, the event demonstrates new frontiers of cybersecurity issues in the modern economy. Broken into four panels, the event seeks to cover the general concerns of any business operating in the digital space.
The first panel will discuss how cyber security issues have become so pervasive that they no longer exist in the realm of specialized departments speaking in strange jargon.
Just as corporate culture adapted to the telephone and email, it must adapt to the constraints and concerns of cyber security, so that every person working for the company generally understands how to work with security in mind; more often than not, careless or uninformed employees cause security breaches.
Therefore, the most important concept and policy for any company is establishing a corporate mindset of cyber security. To that end, businesses need to be aware that cyber security has diverged so much from regular IT work that it truly does require another dedicated group to manage.
The next panel is about cyber security integration in software development and deployment.
It will cost more money upfront to integrate another complication into the development process, but it could save more money in the end. Much like builders would rather construct a building right the first time than retrofit it, companies should develop and deploy new software with robust cyber security built in.
As a corollary to the second panel, the third focuses on working with third parties. As anyone who has worked with HIPAA knows, this represents a serious problem. Third parties with system access (such as credit companies, software companies, contractors, etc.) can also be an Achilles’ heel to those systems. Even with the best cyber security parameters, if you grant access to a third party with inadequate cyber security, then your company will be exposed. Thus, companies should perform due diligence on any third party wanting system access.
The last panel addresses the nuts and bolts of cyber security—network security.
The real problem with cyber security is that the more secure one makes a network, the less functionality and ease of use that network will possess. So, fundamentally, good cyber security practices are a balancing act between ease of use and protection. Finding that equilibrium is unique to each company, and it needs to be continually reassessed to adapt to the rapidly advancing arms race between network attackers and defenders.
Ultimately, the best cyber security practice is having a corporate culture well informed of attackers’ methods and your system’s defenses.
About the Authors:
Fernando M. Pinguelo:
Fernando M. Pinguelo, a trial attorney and Chair of the firm’s Cyber Security & Data Protection and E-Discovery groups, devotes his practice to complex litigation with an emphasis on cyber security, data privacy, media and employment matters. A former prosecutor, Fernando’s experience addresses all facets of litigation (trial, mediation, arbitration, appellate) in both federal and state courts and he regularly handles “crisis litigation,” including emergency applications with the courts. Most recently, the leading global information services company retained him to address a data breach incident reportedly involving the theft of 15 million customers’ sensitive data.
Kurt M. Watkins, Co-Author:
Kurt M. Watkins is an associate with the firm. Mr. Watkins focuses his practice on Corporate Structuring and Cyber Security Law. Coming from a technology industry background, he is proficient in computer software and hardware and has a concentration in Intellectual Property.