Jim Motes, Vice President, Information Security, Kohler, examined how an organization can take a community approach to cybersecurity in his keynote presentation to Argyle's CISO membership at the 2017 Chief Information Security Officer Leadership Forum in Chicago on May 4. In his presentation, "A Community Approach to Cybersecurity," Motes described how organizations can use a community approach to protect their corporate operations, intellectual property and critical systems.
According to Motes, a community approach to cybersecurity can make a world of difference to organizations of all sizes and across all industries. With this approach, an organization can empower its employees to work together to mitigate both internal and external cyber threats.
Cybercrime is increasing around the globe, Motes pointed out. As cyber threats become more advanced, organizations must be able to protect their sensitive data against these dangers, or risk revenue losses, brand reputation damage and data breaches.
"There is nothing better than making a lot of money without exposing yourself physically to a crime scene," Motes said. "[Cybercriminals] can hide behind numerous parties … and are typically well-funded and well-trained."
Although federal agencies offer some cybersecurity support, these agencies often take a reactive approach to cybersecurity. Thus, an organization needs to employ skilled cybersecurity professionals who can find ways to mitigate the effects of cyberattacks before they escalate.
"Federal law enforcement agencies are not interested in stopping cybercrime. They're interested in enforcing it," Motes indicated. "Fighting [cybercriminals] is becoming more difficult, and getting the talent to fight these guys is becoming more difficult."
However, the demand for skilled cybersecurity professionals is growing, and this trend shows no signs of slowing down any time soon, Motes noted.
"There is a serious shortage of qualified people in the security market," he stated. "We have a negative unemployment rate in our industry … so at the end of the day, we find we're standing on our own quite often."
There also is a wide range of cybersecurity data available to organizations, and this information may prove to be exceedingly valuable, Motes said. But allocating the time and resources to collect and mine cybersecurity data and gain deep insights from it can be extremely difficult.
"We get a lot of information, and doing something with it is really the challenge for us," Motes pointed out. "The information we get is often trailing what is actually happening in our own networks."
Ultimately, organizations require real-time cybersecurity data, Motes said. With this information at their disposal, organizations can respond quickly and effectively to cyber threats.
"We really need immediate threat data," Motes said. "The data needs to be original, focusing on one thing and one time that we need to look at."
In addition, organizations must understand the immediate and long-term ramifications of a community approach to cybersecurity to optimize their everyday cybersecurity efforts, Motes pointed out.
A community approach to cybersecurity ensures an organization can teach its employees about cyber threats and help them become active contributors to a cybersecurity plan, Motes said. That way, each worker can support an organization's efforts to resolve cyberattacks time and time again.
Using a community approach also helps an organization overcome the challenges associated with a lack of skilled cybersecurity professionals and the limited time and resources that are available, Motes indicated.
"We don't have all the resources to take on threats," he stated. "Most of us don't have an unlimited budget. Unless you're in the security business, your company probably does something else."
Over time, an organization can gain insights into cybersecurity issues and use data to support its cybersecurity decisions as well, according to Motes.
"Security is an enabler, but you're probably still fighting with other departments to get budget and to get support," Motes said.
It takes a team effort to develop and deploy a successful cybersecurity strategy, Motes stated. As such, an organization should focus on finding ways to include multiple departments in the creation of a cybersecurity plan.
If an organization implements a community approach to cybersecurity, it can boost the security within all departments, Motes said.
This organization will be able to keep track of cybersecurity patterns and trends and uncover the best ways to resolve cybersecurity problems, Motes stated. Moreover, the organization will be able to respond to cyberattacks faster than ever before, thereby reducing the impact of these attacks on the organization, its employees and its customers.
"All of our cybersecurity efforts don't really matter unless we have the ability to respond," Motes indicated. "And that ability is based on the talent and the people that you have on hand."
Jim Motes joined Kohler Company as Vice President, Information Security in April of 2016. Jim’s responsibilities include information security governance, strategy, vision, security operations planning and execution. Prior to Kohler, Jim was the Vice President and Chief Information Security Officer at Rockwell Automation, where he was responsible for information and physical security governance, policy, and strategy. Before joining Rockwell Automation, Jim also served as Vice President, Information Security for Invensys, Chief Information Security Officer at Perot Systems and Director of Security Engineering and Operations at Affiliated Computer Systems. Jim also served as a commissioned officer in the United States Army, including a tour of duty in the Middle East during Operation Desert Storm as an M1A1 heavy tank platoon leader. Jim is a Certified Information Systems Security Professional, Certified Information System Auditor, Certified Information Security Manager, Certified in Risk and Information Systems Control, Certified in the Governance of Enterprise IT, is National Security Agency InfoSec Assessment Methodology Certified and has an undergraduate degree in Business.
Jim spends his free time traveling with his wife and is an avid photographer and antique automobile buff.