Expert: Take a military mindset to cybersecurity

By Mike Lewis
mlewis@crossroadsbizjournal.com

Sean O’Brien, president of @RISK Technologies, speaks to a Business Over Breakfast gathering co-sponsored by BCT-Bank of Charles Town in West Virginia.

MARTINSBURG, W.Va. — The basics of cybersecurity are simple if you have the right mindset, according to Sean O’Brien.

“Everything that is happening in cybersecurity has happened in standard (military) practice since the beginning of time. … What am I trying to defend, and what is the territory it sits on? … It’s simple. … fundamental, simple things,” O’Brien said.

The problem, he said, is that companies, organizations and IT professionals are so busy with day-to-day tasks that they skip over the fundamentals.

“Only about 15 percent of companies know what they own,” O’Brien said.

And he compared poor online choices to “an 18-year-old having unprotected internet.”

O’Brien is the president of @RISK Technologies, a security management company based in Dallas. He has served as an Army Ranger and mixes lessons learned in the military with his background in mathematics and engineering. He was the featured speaker during a recent Business Over Breakfast, hosted at the Hilton Garden Inn in Martinsburg, W.Va., by BCT-Bank of Charles Town and USI Insurance.

Before O’Brien spoke, Alice Frazier, BCT president and CEO, said cybersecurity threats are among the things “that keep me up at night.” As a bank, she said, “We see the bad result of a cyber security situation.”

And Andy Teeter of USI warned, “It’s going to be scary, but I think that it’s going to be helpful to everyone in this room.”

‘Windows and doors’

Businesses can start to protect their systems by knowing some of the basics about the software and hardware they own, O’Brien said. He compared access to the internet with access into a building.

“Every piece of software you own has a limited number of windows and doors it should be using,” he said.

Protection begins with “closing” the windows and doors that are allowed but unneeded, he said. Businesses can start by making a spreadsheet of what they use and those “windows and doors.” From there, he said, a computer firewall can be told to block everything else.

“The firewall would be 10 times more effective if you just knew what you own,” he said.

He said he finds that business leaders are often too busy to see to those details.

Knowing the hardware and software inventory also is important to properly assess risks and acquire appropriate insurance to cover them, he said.

“I’m guessing 95 percent of you in this room are underinsured,” O’Brien said.

‘You’re on your own’

Many threats come from overseas, he said, reminding the audience that most of the world’s nations have a lower per-capita income than the United States.

“They all view us as gazillionaires,” said O’Brien, who has traveled to several countries around the globe. “We’ve got to take off the American glasses, because they’re rose-colored. … People are stealing from you because they’re broke.”

The threats can vary from sophisticated attacks launched by foreign governments to simple hacks by bright teenagers who are looking for some quick cash.

“The war for our democracy is in cyber(space). … Economically we’re incredibly vulnerable,” he said. For those who take cybersecurity seriously, “I can thank you for your service, and I’m not being trite.”

He returned to that theme toward the end of the morning presentation.

“There is no equivalent of the 82nd Airborne for cyber,” he said. “You’re on your own.”

Insurance

After O’Brien’s talk, Holly Scott and Donna Roberts, representing Travelers, talked about insurance coverages for computer breaches. They did not pitch specific policies, but talked about broad areas that can be covered. Those range from a loss of reputation to monetary losses suffered by the business and its customers.

Because the nature of cybersecurity threats changes so quickly, they recommended that businesses review their policies often.