Predictions Series 2022: AiThority Interview with Lisa Plaggemier, Executive Director at National Cybersecurity Alliance
Hi, Lisa. Welcome to our Interview Series. You have an enriched background in cybersecurity and data management. Please tell us a little bit about your journey in this industry and what inspired you to be part of this ecosystem?
There is a large communication gap between cybersecurity professionals and the rest of the world. We sometimes struggle with using the language of risk, or find it hard to inspire people to change their behavior. It was that challenge that attracted me, especially as someone with the creativity and soft skills required to more effectively champion NCA’s message to stakeholders, business leaders and consumers alike.
What has changed in the cyber security industry in the last 3 years?
The last three years have been a major learning experience relative to understanding cybersecurity’s impact on everyday life. At a high level, the pandemic created a larger threat landscape as people’s professional and regular lives blurred, foreign threat actors have become bolder in their attacks on US critical infrastructure and enterprises, and we’ve seen greater investment in the cybersecurity space in general.
All of these developments, however, have helped advance the approach to cybersecurity in a relatively short time frame. The increased frequency of attacks has drawn more attention to the vulnerabilities our country has to grapple with – within private and public sectors – and has urged leaders to make cybersecurity a priority. We’re seeing security training becoming a bigger priority in the workplace; an increase in government legislation and guidelines for shoring up federal cyber defense; and an overall greater value being placed on championing the average user’s role in maintaining cybersecurity hygiene in connected environments.
Many online users fall prey to scams and frauds while shopping online. What are the biggest threat vectors that target online shoppers?
The biggest threat vectors are those that have worked and will continue to work because they’re low-tech, low-effort and target users who may not be aware of risks. Phishing, social engineering attacks, fraudulent credit card alerts, malicious links and spoofed emails/websites are all examples of common threats that can easily fool many people. If successful, bad actors can steal victims’ money, personal data, their identities and more.
What is preventing people from adopting safe online security practices? What advice do you have for our readers who spend a bulk of their earnings shopping online?
According to our 2022 Oh Behave! Report, which we published ahead of Cybersecurity Awareness Month this year, there are a number of different factors contributing to a lag in adoption of safe practices. The main reason is that people feel in the dark about how to do it. Our report found 46% of those polled felt frustrated in their efforts to stay secure online, and 39% of users felt information about it is confusing. Some people are challenged when it comes to understanding how cybersecurity and devices work. Nearly a third (35%) presumed that their devices are automatically secure.
The last two years have accelerated digital transformation for businesses of all sizes and stature. What has been the biggest lesson for you that helped you stay on top of your product management? Would you like to share your pandemic experience on how you managed to continue your development works and research during the uncertain times?
The blurred line between home and work has made it more important for employers to talk about cybersecurity in ways that apply to the workforce and their families personally rather than just in their roles as employees. Training and awareness programs need to inform employees about things like changing the default password on their home router, the importance of MFA, and how to identify and deter attacks like business email compromise (BEC) attempts – all of which translate to ways we approach online activities outside the workplace.
Your take on the future of data science and AI in the cybersecurity domain:
I would say the future is already here. There is a collection of vendors using AI and data science to augment their existing offerings. There are Network Detection and Response (NDR) vendors that use data science techniques and AI to parse through incoming and outbound network packet traffic as a way to identify anomalies or attack risks. Security Orchestration, Automation and Response (SOAR) uses AI to learn and predict threats (often using cyber playbooks like the MITRE ATT&CK framework to inform the machine learning process). The applications for both are quite vast and I think we’ll increasingly see automation take root across the vendor ecosystem, especially as the inevitability of consolidation and M&A among companies becomes more commonplace.
Some advice to business leaders who are looking to invest in the mobile app, cloud security/AIOps:
Make sure you’re investing in proven technologies. There’s so much overlap among cybersecurity vendors in terms of the services they provide, so do your research when adding to your organization’s tech stack. Make sure that your organization’s security team – or Managed Security Service Provider (MSSP) – knows how to integrate these technologies safely into your tech stack and that there is careful vetting of any vendors to avoid third-party risks in the long run.
And finally – be wary of anyone who tells you they can solve all your cybersecurity needs under a ‘single pane of glass.’ You’re likely to experience more threat coverage gaps than expected in the long run if you imagine there’s a silver bullet for all vulnerabilities.
Thank you, Lisa! That was fun and we hope to see you back on AiThority.com soon.
Lisa Plaggemier is Interim Executive Director at the National Cybersecurity Alliance. Lisa is a trailblazer in security awareness and education, and is a prominent security influencer with a proven track record of engaging and empowering businesses and their employees to protect themselves and their data.
Lisa has held executive roles with the Ford Motor Company, CDK Global, InfoSec and MediaPRO, and is a frequent speaker at major events including RSA, Gartner and SANS. She is a University of Michigan graduate (Go Blue!) and while she wasn’t born in Austin, Texas, she got there as fast as she could.