FBI Chief Information Security Officer Arlette Hart examined the future of cyber security and how businesses can find the right balance between privacy and security concerns in her keynote address to Argyle's CISO membership at the 2017 Chief Information Security Officer Leadership Forum in New York on Feb. 2. In her presentation, "Cyber Security: Where Do We Go From Here?," Hart offered tips to help businesses address the most pressing cyber security challenges.
According to Hart, technology has revolutionized the way individuals connect with one another. Smartphones, tablets and other mobile devices have led to the creation of an always-on, always-connected global marketplace.
In addition, state-of-the-art technologies have transformed the way business is performed. Consumers now can shop for products from any location, on any device, at any time. Plus, consumers can complete digital transactions without the physical presence of money – something that has forced many businesses to rethink the way they operate.
"Our world is changing. We have disruptive technology and technology displacement," Hart noted. "Money isn't physical anymore. … The things that used to be digital are now logical."
Businesses also must account for data security and privacy concerns related to mobile devices. They must recognize that data offers increased visibility, which may prove to be a double-edged sword.
"Technology is not a value proposition. Technology does not have values. It does not care who uses it."
The sheer volume of data that is available on mobile devices is overwhelming. Businesses today are responsible for collecting and analyzing consumer data to learn about customers. At the same time, companies must secure consumer data, or risk exposing customers to myriad cyber dangers.
"All of this data has aggregation components where you can be much more visible to other people," Hart said.
Although many businesses understand that cyber risks exist, few companies allocate the necessary time and resources to minimize such problems. Hart noted that few businesses understand the benefits of an effective cyber security strategy as well.
"I think we undercalculate risk, and I think we also undercalculate benefit," she stated. "Without IT, we would be much slower, and we would not be able to push the envelope the way we push the envelope."
With an in-depth approach to cyber security, a business may be able to organize and safeguard data effectively. By doing so, this company can minimize cyber threats across all areas of its operations.
"[Data] is complicated not only within your organization, but it is complicated across your organization," Hart pointed out.
Conversely, businesses must consider both the usability and security of mobile devices in conjunction with one another.
The use of consumer devices for enterprise purposes is becoming exceedingly common, and as such, companies must deploy cyber security tools that protect sensitive data at all times.
"All of the data that is on [a consumer device] is going places," Hart stated. "Consumer devices are ubiquitous, they're hard to get away from and it is a very volatile [consumer device] market. And what is always true is that cool trumps safe every time."
Failure to secure sensitive data may cause immediate and long-lasting problems for a business. In fact, a lack of cyber security protocols and programs may put a major dent in a business' bottom line.
"[Data] is complicated not only within your organization, but it is complicated across your organization."
Hart pointed out that Target and other globally recognized brands have suffered data breaches that cost millions of dollars to mitigate. Companies of all sizes are susceptible to cyber dangers, Hart said, and must be able to identify and address these problems before they escalate.
As new technologies become available, the cyber threat landscape will continue to evolve. Meanwhile, companies that lack cyber security strategies risk cyber attacks from both inside and outside of a business.
"Technology is not a value proposition. Technology does not have values. It does not care who uses it," Hart said.
If a business prioritizes cyber security, it can understand the costs associated with mitigating cyber dangers. By doing so, a company will be able to map out a strategy to manage cyber risks, along with the costs associated with them.
"Cyber security has its cost," Hart noted. "Cyber security is the brakes on a car, but we can't drive it from the straight risk perspective. We have to look at it from a mission enablement perspective."
For today's businesses, cyber security may serve as a key differentiator in a number of areas.
With effective cyber security protocols in place, a company will be able to safeguard its sensitive data, reducing the risk of brand reputation damage and revenue losses due to cyber attacks. Furthermore, a company may be able to provide its employees with safe, effective mobile devices that they can use to complete day-to-day tasks, which may help a business attract and retain top talent.
"You can't afford to lose your workforce these days," Hart said. "You have to make sure that your workforce is happy enough to stay with you because retention is a very big problem."
Arlette Hart is the Federal Bureau of Investigation’s Chief Information Security Officer. She is responsible for insuring appropriate information security protocols are in place, that data and networks are protected, so they can be used where and when FBI employees and partners legitimately need them. This requires a walking a fine line between sharing and securing information technology assets and data.
In her role as CISO, Ms. Hart builds coalitions across the FBI, with government partners, and with private industry to shape the direction of cyber security and drive innovation. She is the executive in charge of the Bureau’s Operational Cyber Security Program. Ms. Hart directs FBI information assurance capabilities, ensures baseline compliance and ongoing monitoring for external and internal threats. Ms. Hart brings technology management and deployment skills to drive effective security architecture from the perimeter to the host. Her areas of expertise include the advanced persistent threat, insider threat, intelligence, technical discovery, investigation, and assessment and mitigation of compromise. She joined the Bureau 2010, after working with the FBI as a contractor for several years. Ms. Hart has a Bachelors’ Degree from Geneva College and earned a Master’s Degree from Georgetown University.