Admittedly, Cyber Security is not traditionally in my wheel house, however I enjoyed the presentations and conversation at todays event presented by the Technology Association of Georgia (TAG) and hosted by Columbus State University. As the core competencies of Business Process Management (BPM) expand beyond process flow and execution and creep further into the whole that is Digital Transformation, cyber security concerns are ever present.
As a trusted advisor in process design and solution delivery, we often find ourselves testing, deploying and advising on hosted platforms, hybrid on-prem/off-prem, and private versus public cloud topologies. These all present different challenges in cyber security, threat detection and prevention. Especially in highly regulated industries like financial and healthcare where a breach not only undermines the trust of your customers but can rack up huge regulatory fines and license restrictions.
We heard from Frank Braski who is doing great work to spearhead innovation and entrepreneurship in the Columbus region. As the second largest city in Georgia, we have a lot of talent and opportunity here. Within a 100 mile radius, we have several Fortune 500 companies, 2 state universities (including an R1 Research facility in Auburn University) and the largest military base in the world! There’s no reason we should have companies investing millions outside of this area. Granted, where the military is concern, we have been hamstrung by government regulation dictating contractual agreements. Fortunately the times are changing and we hope to see the opportunities in that arena open a large way. Congrats to Frank and the work he’s doing to rev the entrepreneurial engine here.
Delta Data’s Chief Technology Officer, Eric Litz set the stage on the topic. An interesting fact he shared with us from a recent IBM Cyber Intelligence study: 60% of cyber attacks came from inside threats. Those individuals working from within, employees, contractors, vendors, etc.; 75% of those attacks with malicious intent. We all hear of those email phishing campaigns and dns attacks to bring down a site; but that’s staggering to think how close the greatest threat really is.
DJ Goldsworthy shared with us the work he’s doing at Aflac to manage cyber security. It was apparent the entire room was impressed with the level of maturity and work he and his team have accomplished. I can appreciate many of the tactics and methodologies he referenced in the discipline of cyber security. There is retroactive and passive review and then there’s iterative, responsive, pro-active, dare I say aggressive tactics to beating the cyber criminal. He’s pushing the envelope in the right direction to safe guard Alfac’s systems.
Jim Rumph with Porter Keadle Moore talked about the Business Impact of Cyber Security, at topic that certainly strikes a chord with me. It’s not only the data and systems the one must protect and lose sleep over, it’s the reputation of the company and the trust and security of your customers that you’re protecting. Some staggering statics out of an FBI study report $1.33 BILLION in loses due to cyber intrusion and theft; and that’s only of those that report… I’m quite sure that number is higher given the sensitivity of even reporting such occurrences. On average, companies plan to budget over $11 million annually on cyber security concerns according to a recent Accenture study.
Attivo Networks was a key sponsor of the event. Matthew Parker gave a brief, though informative, presentation on the software solution Attivo brings to the table to help manage the cyber threat. Their solution is quite innovative in focusing on the deception and detection angle of the cyber threat. Some intrusion is inevitable, but what then? What does the intruder see, where do they find themselves on your network and how far will they go? Attivo sets the trap, entices the criminal, and slams the door once captured.
It was nice to connect with this group of professionals and shed some light on the cyber threats and best practice techniques to combat those concerns. The conversation hovered around the cloud conversation and the nuance that brings as well. I couldn’t help but think about how RPA (Robotic Process Automation) impacts the concern. On one hand, obscuring back office systems from users and exposing only to those controlled robotic interfaces may help with the insider threat. On the other hand, the potential to automate intrusion and gain access to more exposed systems increases the risk…. but that sounds like another blog post!