When Jack Barsky talks information security, it would be an understatement to say that he knows what he’s talking about.
The “doubly-retired” former KGB agent and retired information security specialist will be delivering a keynote presentation at the upcoming InfoSec Nashville conference on September 19, 2017, where he plans to share his experiences with the three critical issues facing the information security industry today.
The first of these problems is something that Barsky says can escalate much more quickly than people expect: senior management teams that discount or don’t understand the importance of infosec threats.
“I truly sympathize with folks who work in the trenches, who very often are not known to even be doing work because it’s only when something breaks that people point fingers saying, ‘What did you do about security?’” Barsky said. “But when everything is smooth and people are successful at fighting viruses and setting up firewalls and all that, nobody pays attention. It’s not sexy to the corporation; it’s not sexy to people who are just users of IT.”
Senior management teams are far from alone in this lack of awareness, however, as Barsky notes in his second point. Despite information security’s recent exposure as a hot political topic, the public at large does not seem to be well-educated about the dangers we face even in our day-to-day lives.
Referencing last year’s presidential election, Barsky says, “I thought this might be a good time to raise public awareness about these issues, and I think we just blew a great opportunity to do so. Based on what I know, what I see, and what I’ve observed for a long time is there’s a tremendous lack of awareness amongst the American public, all of whom are nowadays users of technology, about the dangers lurking in cyberspace.”
Turning to his third concern, Barsky said that while so much of the awareness that does exist focuses on dangers outside of the country, insider threats – social engineering, falsified backgrounds and stolen identities – are just as present, though often ignored.
“If there’s a World War III that’s fought with nuclear weapons, nobody’s going to win. And I believe that if there’s a serious cyberwar that happens, I’m not sure anybody could win that one either,” he said.
Though the solutions to some of these problems are difficult, Barsky said, they are luckily not impossible. The first involves filling the gaps in awareness that seem to permeate society.
“We need to, as an information security community, find ways to band together and make this a priority, educating the American public, because this thing, this cyberwar – as most of the attendees know – is dangerous as hell,” he said.
And the second means reinforcing to senior management that information security is worth the time, money and interest, even if it might not seem so glamorous. This often requires a change in attitude.
“Communication is a two-way street. You’ve got to have somebody who can actually convey the message and somebody else who is willing to listen. And if your partner does not listen, then unfortunately, you can do all the communicating you can muster and it’s not getting anywhere,” Barsky said.
Once those conversations have been had, it’s up to the company, Barsky said, to rise to the challenge, going above and beyond industry or legislative standards to make certain that information security is being maintained.
“The government cannot issue rules that apply to a wide set of organizations and enterprises and believe that they’ve got every threat covered. It’s impossible,” he said. “If you just check the boxes, that’s good and well, but you’ve got to do more to deal with the specific issues that you know you have. And that takes some courage.”