Nocserv was able to attend the Houston Cyber Summit at the Federal Reserve Bank of Dallas – Houston Branch on Thursday, April 27th. This was a full day of panels and guests, all with the focus of strengthening the community in Houston to protect our citizens and companies against cyber crime. Some of the notable guests of the event included Bob Harvey, President and CEO of the Greater Houston Partnership, Special Agent Angela Haun from the FBI, John Wakefield, Harris County Assistant District Attorney, and Ed Gonzalez, Harris County Sheriff.
The first panel, Governance and Risk Mitigation for Board Members and the C-suite, dove into an interesting discussion about communication and involvement with board members for both for-profit and nonprofit organizations. The panel started with how large data breaches over the last few years, such as Target, Home Depot, Sony, and Anthem, resulted in consequences for their board members, including intense scrutiny, loss of positions, and even lawsuits from shareholders, which set the tone for the rest of the discussion.
The positive that came out of those large data breaches is that the boards of most organizations are now attentive and concerned about these matters so they can protect themselves from the negative consequences that can come with a data breach. The big takeaway for the session was that as security professionals and vendors, it is our responsibility to leverage that concern to educate the board, not only on why cybersecurity is necessary, but also on issues that relate to their specific business and industry, so the board can evaluate their current vulnerabilities.
The next panel was a diverse group from several different industries discussing the areas of highest concern for businesses as they relate to cyber security. This discussion was much more tactical than the first and thus yielded some great advice for how to better protect your business and data. The overwhelming message was that their people (be it employees, customers, or contractors) are the biggest threat. "My biggest concern is not people getting in from the outside, it's people getting out from the inside," one panelist commented. Some of the recommendations were around password management, including using a pass phrase like the chorus of a song with a tool like LastPass instead of an 8-10 digit alphanumeric password. There was also a lot of discussion about why every application should have multi-factor authentication, data encryption, and proper data removal and disposal. And of course education, education, education.
The lunchtime panel was about the practical challenges of political and regulatory decision making, a very interesting discussion of the relationship between private industry, public law enforcement, and lawmakers. This includes the challenges lawmakers have with keeping pace with fast-changing cyber crime. What was more interesting was the discussion about how a lack of knowledge in the industry leads to laws being written poorly that hold up in court when prosecuting these crimes. The discussion also covered the lack of training and resources that law enforcement has to enforce the cyber laws and the challenges for the district attorney’s office to take those cases to court.
The afternoon provided some very interesting sessions in the financial and healthcare industries. This included a panel discussion on security issues and practical advice for corporate and individual depositors. The panel consisted of executives from medium-sized Texas banks and an IT Examiner from the Federal Reserve Bank that audits them. Also on the Fed side was the Vice President of Payment Strategies from the Federal Reserve Bank of Boston, and the panel was led by the Assistant Vice President of Bank Administration for the Houston Branch. This discussion hit home for most of the audience because everyone does personal banking and could relate to a lot of the issues with payments and credit card fraud.
The financial industry is, for obvious reasons, the biggest target for criminals and thus has the highest level of regulation. What is even more interesting is that they seem to have a very strong community amongst peers for sharing threats and information regarding cyber crime through the Federal Financial Institutions Examination Council (www.FFIEC.gov).
The healthcare panel was about the Health Information Exchanges (HIEs) and how safe our health records actually are. The panel began with the cost of health records on the black market; between the panelist and the audience we had a range of $300 to as much as $2100 per record. It then went into some of the techniques for protecting that data. We discussed both physical and cyber security within hospitals and trust between HIEs, patients, and physicians. The closing question was whether a patient could request to not be a part of the Health Information Exchanges, and the answer was no, but you can request records about who has accessed them. I think that was a little uncomfortable for some of the room to hear.
The last panel was the State of Workforce Readiness in the Region and was a panel made up of several of the Houston area university cyber security professors including University of Houston, Texas A&M, University of Houston Downtown, and Houston Community College, as well as one high school, Eastwood Academy. Here we discussed the students that are studying to become the next generation of cyber security professionals and the importance of internships.
The evening closed out with a visit from Harris County Sheriff Ed Gonzalez, who is committed to enforcing cyber law in the county. This was a terrific event, and Nocserv was happy to be a part of it. Thank you to all the sponsors, Cyber Houston, the Federal Reserve Bank, and everyone else responsible for putting this event on.
Photo credit: https://energyconferencenetwork.com/houstoncybersummit/