Cyberthreats Inevitable but Can Be Mitigated, Experts Say



Cyberthreats are inevitable and growing fast, but better coordination between the government and private sector could pay big dividends, a panel of cybersecurity professionals said April 24.

“There’s no such thing as cybersecurity,” said James Poss, a cybersecurity consultant who has led cyberteams in the Air Force and at the National Security Agency. “You can make things ‘secure-er,’ but you’re not going to stop a determined adversary.”

Poss spoke on a Bloomberg BNA-moderated panel at the National Association of Broadcaster’s annual conference in Las Vegas. Other panelists representing the Department of Homeland Security and the commercial cybersecurity industry took a similar view: cyberattacks on private companies and the increasingly connected world of government data and systems will only get worse and more persistent.

But, they all said, there are ways the military and intelligence communities can work with the private sector to reduce cyberrisks across the board.

Compared to the private sector, the government is home to better cyberexpertise and defensive cybersecurity practices, the panelists said. Stakes are higher, attacks more persistent and consequences for poor practices more enforceable in the military and intelligence world than among private companies.

Companies, then, can look to government counterparts as models for cybersecurity efforts, panelists said. They can demand employees do things like use strong passwords and multi-device authentication and learn generally about solid “cyberhygiene” — or else face repercussions. A large proportion of cyberattacks depend on either a bad actor in an organization committed to an inside job or, more commonly, careless cyberpractices that leave accounts vulnerable to hacking.

“Until we start doing things right, we’re going to be playing catch-up,” said Matthew Tirman, chief compliance officer at risk analytics consultancy PlanetRisk Inc.