- June 16, 2021
- Posted by: Pat Riot
- Category: CyberSecurity
In May our CEO, Jason Ford, spoke at the Loudoun County Chamber of Commerce Technology Committee regarding cybersecurity. While his talk was scheduled a few months ago, the timing was impeccable since that the general public was all made aware of or were personally impacted by the most recent cyber attacks on our oil supply delivery system and a meat packing plant to name a few.
The presentation focused on the past, present, and future of cybersecurity drawing on his past experiences in the technology, government, co-owning a cloud hosting business, and compliance. Jason talked about where he has seen the early days with cybersecurity (or lack thereof) to how far we have come to today. However, as he stated in the presentation, we still have a long way to go to ensure that hacks and breeches are far less common.
As this was a chamber event most of you were not able to hear Jason talk about what major shifts are happening in the cybersecurity space right now, however we were able to listen in to this talk and we wanted to share our thoughts with this article.
In the beginning Jason asked everyone “What do you think of when you hear cybersecurity” and not surprising for us the most common response was:
- Time Consuming
- Data privacy
We wish we could say that this is not a common response when people hear the word cybersecurity, however we hear this more often than not. Most business owners know that they need to do something, but it is not a high priority, until they become a victim.
In the early days of the Internet, security was not a word that was even mentioned or thought of. In the early days, Linux – a popular operating system used in public cloud hosting – didn’t even require a password, and the username was “root” which everyone who used Linux knew. If you had any holes in your network firewall or someone outside of your organization could connect to your computer, they had access without you even knowing it. This was possible only because a basic security concept of a password wasn’t enforced.
Jason also asked stated that the earliest form of Encryption dates back to 600 BC where the Spartans used a device called a scytale to send secret messages during battles. Obviously, the Spartans were not using the Internet, but they knew that they had to find a way to protect their information from bad actors even then. Encryption as we know it with computers started in the early 1970’s when IBM formed a group to design a block cipher, called Data Encryption Standard (DES), to protect customer data. This encryption was used until 1997 when it was cracked in 25 seconds making it no longer viable to protect sensitive information. Since then, more robust, sophisticated encryption software has been developed called 3DES and then Advanced Encryption Standard (AES). Surprisingly, most companies still do not use encryption for their devices even though implementation has become very easy and takes a few minutes to put in place on computers/devices. The Spartans knew they need to protect their information 2600 years ago, why don’t we want to now?
Jason moved into the future and where we think the future of cybersecurity will go in the next 5-10 years. As the cybersecurity space continues to evolve and become more common, data privacy and operation services will become easier to consume and more cost effective for all levels of business. Right now, the market is cluttered with many tools and software that you can buy however in order to use it or take care of it, you have to be a cybersecurity expert to get the value out of it. The ongoing day-to-day maintenance is a daunting task for any business trying to understand what each software does and if they even work with other tools in place today. As we progress as an industry, maturity will make these services easier to consume and pay for and honestly is why we started Steel Patriot Partners. This is the problem we solve for our clients who want to protect their sensitive data or their clients.
As most people are aware, President Biden put an executive order out recently talking about cybersecurity and the need for more of it not only in the Federal space but across all businesses. While we expect that most people did not read the entire 34-page order, we did and one of the key take away from the order was find ways to share threat information between Federal Government agencies and from commercial contractors to the Federal Government. This is a great first step to getting awareness started and formalized but we have a ways to go.
Here at Steel Patriot Partners, we are here to help you and your organization navigate this complex and tedious to maintain cybersecurity operations landscape. We live, eat and breath cybersecurity operations so your IT teams don’t have to.
Have questions about your current security posture or just curious about what threats out there that could impact your business? Reach out to contact us by whatever means is most convenient for you! Email: email@example.com Phone: 703-297-4405 or follow us on Twitter, Facebook, LinkedIn.