FiRe 2017: Listen Up, Equifax…
By Ethan Annis
In a tense session on cyber security, Robert Roy, CTO of Micro FocusGovernment Solutions HPE ESP, moderated and answered questions providing information regarding a few different terms and viewpoints in the cybersecurity world.
The session began with a history of cyber security. Roy recounted that back when cyber security was first dreamed up, people thought that security meant obscurity. In order to conceal their information, they thought it was best to hide it. People still view security in the same way. He cited Equifax as an example of this.
“Equifax didn’t protect data like they should have,” said Roy. “That information should have been protected.”
The conversation became heated as a question about personal identifiers brought up some opposing views. It was brought up that there are ways to protect that data, while others felt that data was already lost for good. Finally, the group came together in the agreement that information needs to be encrypted constantly. It was stated that if given enough time and money, any system can be compromised.
“The best way to keep a secret is to not have it,” said Roy.
A question was asked about the meaning of the term “full stack security”. Robert gave a great explanation of how there are different levels of security called application, presentation, session, transport, network, data link, and physical. Each of these layers have specific protections. If one layer is compromised, the hacker needs to get through the other levels in order to get to your information.
The final question of the session was: What can I do myself in order to better my security? The answer was to be your own data steward. It was explained that there are many services that exist to help us keep passwords strong, keep data secret, keep email files encrypted, and we ought to use all of them. Roy mentioned we also need to be wary of what we put onto the web and be careful of who we give our information to.