Roberts is a Cyber Security Institute of San Diego founder, former president and CEO of Cubic Defense Systems, San Diego regional cybersecurity leader and FHOOSH Security Advisory Board member.
“The performance advantage also should have been obvious. When the FHOOSH team characterized how their platform processes data… it’s not a linear advantage, it’s an exponential one. When data is broken up, as it is with FHOOSH, it takes significantly less time to encrypt and store, so you get performance gains.”
Q: What trends do you see affecting data security most this year?
A: The growing awareness of the need for cybersecurity. Ten years ago, too many consumers and organizations really didn’t understand the risks and challenges associated with cybersecurity. As a consequence, the commercial world just didn’t create secure products. With today’s growing appreciation, we see firms starting to represent themselves as having strong security capabilities, and users showing they’re willing to pay a premium for those capabilities. The issue now is you have to be well enough versed to assess whether the security claims are for real. I see many companies that talk about security, but when you push at it, the answers don’t give you confidence that they really understand the problem.
Q: What is the biggest security loophole companies often fail to address?
A: Candidly, the obvious answer is employees. All employees, including senior employees, have to be committed to meeting policies and procedures their organizations put in place even if the policies aren’t the most convenient. The culture of a firm is the toughest challenge. Sometimes a C-level team member will agree with all the policies, but in the end, wants special provisions for one reason or another. They need to understand that giving them special capability creates a back door that someone could exploit. Once you finally get everyone on board, then you need to tackle that firm’s international offices, their partners, and anyone else that has access. It can take years.
Former NSA Director of Information Assurance Dick Schaeffer said 85–95 percent of cybersecurity problems are housekeeping: policies, procedures and effective implementation management. When you talk about updating a system to the latest revision or to the latest patch, you need a commitment that you’ll take the system down and not bring it back up until every last device is brought up to the next level. If you don’t update even just one device, it leaves you vulnerable.
Mobile devices add a new level of challenge. With mobile, every person is their own access point and their own risk. While BYOD creates a cost advantage for the enterprise, it’s an additional set of problems that most organizations manage by restricting the set of devices people can use or bring in. They can monitor access within a facility to Wi-Fi, etc., and can shut it down as needed. But not all mobile devices are as secure or as easy to monitor.
Q: What do you find have been the most significant challenges and advances in cybersecurity over the past few years?
A: The Challenge: The emergence of electronic health records and large genomic databases. Earlier, in the financial world we learned credit card numbers were the greatest risk. The financial industry responded by making it easy to shut down a credit card. With health records, it’s not easy. They’re permanent records so you can’t shut them down and switch to a new set. We’re now making extensive use of health record and large genomic databases for research. So these databases have never been larger. It’s made healthcare information the greatest financial reward to the hacker. We have to balance the good of these electronic health record systems (treating patients, and looking to diagnostics and treatment successes); the upside is huge, but with it comes greater risk.
The Advance: Data analytics: Electronic health records give us the ability to look for patterns, and patterns give us the greatest indication of emerging threats. It’s one that holds the greatest promise and the greatest challenge. The larger the database, the larger the opportunity to mine it, but the bigger the target it presents to hackers. Our new challenge: How do you monitor patterns of use to look for threats, as opposed to legitimate access to those records for analytics?
The concept of being able to dramatically increase protection associated with large databases now also offers the performance advantage. Based on the way FHOOSH manages to encrypt and store data, it gives organizations the chance to have both security and some significant performance increases.