ISACA CEO: Insights from White House Cybersecurity Summit

After attending the White House Summit on Cybersecurity and Consumer Protection, I agree with the paradox raised by President Barack Obama—the very technology that can be used to do great good can also be used to imperil us and do great harm. The President labeled cybersecurity threats as one of the most serious economic national security challenges today.

While the resolve of CEOs and government leaders for more global collaboration and information sharing was encouraging, I found it even more reassuring to hear them recognize the need for significantly more skilled cybersecurity professionals. Cyberattacks are damaging enough when intellectual property, personal information and emails are stolen; but the potential for attacks on water and electrical systems and even your car or pacemaker would be far more catastrophic. Cybersecurity is a matter of public safety and must be treated as such.

There is no question that businesses, academic institutions, civil society and governments must, as President Obama emphasized, work together like never before. This unprecedented level of collaboration is essential to stay ahead of our cyber adversaries. The bad actors share information when launching global attacks, so we must improve real-time information sharing among industry sectors and nations. This will help proactively identify attacks and techniques, and enable cyber experts to take immediate action.

To effectively do this we need more skilled professionals on the front lines and a cyber-safety mindset throughout every organization. For far too long, companies have either avoided dealing with the threat from cyberspace or have quietly tried to address it alone. But this is no longer enough. The risk has grown exponentially and substantially greater investment in technology and training for new cybersecurity professionals is urgently needed.

ISACA first identified this gap more than 10 years ago and has teamed with leaders in business and government to develop relevant training and certifications in information security and cybersecurity. Last year’s launch of Cybersecurity Nexus (CSX) brought together guidance, career development, skills-based certification and ongoing training for cybersecurity professionals at every stage of their careers. We will continue to evolve CSX as the role itself evolves and the skills requirements and threat landscape continue to change.

It is also vital for organizations to partner and develop high-impact public awareness campaigns that create a more cyber-aware society. People of all ages and walks of life play a very important role in reducing the effects of cyberthreats.

In the wake of the White House Cybersecurity Summit, I see the following as top priorities:

• Conversations lead to solutions. Government and industry alike must continue to gather the insights of experts and translate these ideas into action.
• If it is connected, it is vulnerable. Manufacturers need to build security in from the inception of new connected products.
• Beat the drum. Consumers need to be made more aware of the importance of security when they’re considering connected cars, appliances, medical devices and other items.
• Train and educate. Increase investments in building cybersecurity skills and knowledge among all members of the workforce.

Cybersecurity is everybody’s business—it is a global issue, a critical need, and it deserves our undivided attention.

Matt Loeb
CEO, ISACA

[ISACA]