Senior managers representing the FBI, government, health care and international business gathered at Penn State Abington for a public forum on current cybersecurity issues.
The panelists agreed businesses and individuals must prepare to mitigate threats, which are growing exponentially, and avoid the hype surrounding the most recent hacks.
“Priorities are response and education, people,” James Carty, chief security officer for the FBI Philadelphia Division, told the crowd in the Lares Union Building. “And response is much more important than trying to prevent every possible situation.”
Cathy Beech, the chief information security officer at Children’s Hospital of Philadelphia, explained hackers are constantly trolling networks in low-level areas searching for vulnerabilities they can exploit to eventually access more critical data.
“Priorities are response and education, people.”
-- James Carty, chief security officer, FBI Philadelphia Division
Education, a key component of cybersecurity planning, should not be limited to technical employees or managers. It’s a top down, bottom up issue, according to Nancy Horvath, deputy chief information officer of Bucks County.
“Assess your current environment through a cross-functional team that includes accounting, legal, IT," she said. "You should listen to different perspectives, which helps find vulnerabilities.”
Beech advocated for consistent education to prevent compromises.
“People are the weakest defense. Focus on how you respond and help the workforce understand actions they can take to prevent attacks,” she said.
“Assess your current environment through a cross-functional team that includes accounting, legal, IT."
-- Nancy Horvath, deputy chief information officer, Bucks County
Andy Santacroce, a 1988 Penn State graduate and vice president for global technology at BDP International, said compartmentalization and minimizing intersections are critical.
Santacroce explained that BDP's business is similar to a worldwide travel agent for hazardous and high-value cargo. Some threats are unique to its industry, but the principles apply to all. For example, many companies use asset tracking devices.
“Asset tracking devices are wonderful. But if the network is compromised, the shipment becomes a target since the pirates know exactly where to find it,” Santacroce, chair of the Abington advisory board, said.
“Asset tracking devices are wonderful. But if the network is compromised, the shipment becomes a target."
-- Andy Santacroce, vice president for global technology at BDP International
The audience at Penn State Examines: Cybersecurity included professionals and Abington students. The panelists offered advice for hiring and suggested specific courses so students can increase their marketability.
Aside from technical skills, students should consider psychology, Chinese, law and business courses. Horvath, a certified public accountant, suggested auditing and forensics coursework to learn to look for vulnerabilities.
"The Penn State program is very thorough and lays a great foundation," she said. "Technology changes are astonishing so throw yourself into it and be open to opportunities. Stay on top of changes."
Bert Max, from Abington Continuing Education, moderated the discussion. It also covered best practices to keep personal information, devices and networks as safe as possible.
Learn more about educating your workforce on cybersecurity issues by contacting Penn State Abington Continuing Education.