Last week, nearly two dozen of the nation’s leading cyber security experts convened in Minneapolis for a two-day Security Summit hosted by Target and moderated by The Chertoff Group. The event brought together leaders to work together to advance cyber threat information sharing and collaboration through public-private partnerships. This was the third time that Target has brought a group of experts in the public and private forums together for similar efforts.
Target’s vice president of corporate security, Ralph Boelter, convened the group. He explains, “At Target we have long recognized that cyber threats don’t impact any one company in isolation. This is an issue that touches all organizations, both private and public. Taking a leadership role on this is consistent with Target’s ethos. And following the data breach we experienced last year, we embrace that our leadership is more important than ever.”
Following the Summit, several of the participants shared their perspectives on the biggest security challenges and threats as well as the role of the private sector in addressing emerging threats.
Brian White, Principal, The Chertoff Group
Q: What is the biggest security challenge facing us today, and why?
A: Cyber is something that is really crystalizing as the biggest challenge in the private sector, and not just because of recent events. As the sophistication of cyber-attacks grows, the importance for the private sector to respond is simultaneously increasing. This cyber threat is shared by all industries within the private sector and requires collaboration to successfully respond and prepare for future attacks.
Kiersten E. Todt, President and Managing Partner, Liberty Group Ventures, LLC
Q: What is one thing every executive should know about cyber security?
A: Our adversaries are not always sophisticated, but they are opportunistic. And leadership needs to realize that cyber security is not only an IT problem. Its impact is company-wide and executives need to look at cyber risk and its impact the same way they look at more traditional risk, like financial, brand, and reputation risk.
It’s also a cultural issue. When you think about an issue like workplace safety, you would not think to pull or cut back on programs and resources that make a workplace safe, but that was not always the case. Cyber security is headed in that direction, but the question is how do you change culture enterprise-wide? When you have employees who are invested in the company and you have leadership demonstrating commitment and providing direction, culture can be changed at a faster pace.
Timothy Murphy, Vice President of Corporate Compliance, MacAndrews & Forbes Holdings Inc.
Q: What is one step this group could take to combat emerging tactics of insider threat?
A: There are more efficient ways to transmit and exfiltrate data and there are more and more vulnerabilities as the amount of information insiders have access to increases. Insiders can easily share information with outsiders, and until the trust is violated individuals are trusted insiders.
One thing we can do is to continue to build awareness through ventures like public-private partnerships to help individuals and organizations identify threats and protect their environment, but it’s also up to the organization and agencies to have the internal controls and systems in place to help prevent, detect and respond to threats.
Michael Mason, Chief Security Officer, Verizon Communications
Q: What is private sector’s role in national security, and more specifically, cyber security?
A: I think the two are very closely linked. A failure in safeguarding our proprietary information can potentially turn into a national security problem. Our responsibility is to provide the highest level of safeguards possible to protect that information, and that means we can’t be incident driven, we need our teams to be ready and forward looking at all times. If we’re not constantly upgrading skills of our employees, those skills will quickly begin to degrade and become irrelevant.
The government can’t safeguard everything and as a result, we need to help fill the gaps and maintain the security of our own networks. We have a vested interest in maintaining the security of our network as it is tied to all the services we deliver to customers. Whereas it is highly unlikely we can defend against every threat, we must continuously evolve our defenses just as the bad guys who are constantly trying to find the vulnerabilities within our networks.
Ralph Boelter, Vice President of Corporate Security, Target
Q: What are the next steps for the group and the ultimate end goal?
A: Innovative, new thinking is an imperative in this arena, and our goal is to help elicit just that. Not only through a role in our own ventures like the summit, but through our commitment to organizations like the Financial Services Information Sharing & Analysis Center (FS-ISAC), and the Retail Industry Leaders Association’s (RILA) newly launched Retail Cyber Intelligence Sharing Center (R-CISC). In Target’s position on the board we will have an active role in the sharing of cyber threat information among retailers, analysts and public and private organizations, the development of resources for advanced training and education, as well as the creation of the country’s first Retail Information Sharing and Analysis Center (R-ISAC).
Make no mistake, this is hard work. The problems are universal and complex. We are seeing people come to the table thinking logically about the problems, identifying priorities, listing some of the strategies for further development, identifying specific problems and then building out approaches to deal with them that encompass both the public/private sectors. We are just getting started, but believe that having the commitment of key partners across the country will ultimately benefit all consumers.
Don’t miss out on the latest Target news and behind-the-scenes happenings! Subscribe to our bi weekly newsletter and get the top stories from A Bullseye View delivered straight to your inbox!