On a day where thunderstorms filled the weather forecast and the Houston Astros prepped for a Game of Thrones themed night, IT professionals from various industries across Greater Houston made their way to Minute Maid Park for our expert panel event, "Cybersecurity Heavy Hitters."
We opened the Champion Pavilion Suite to our guests for an opportunity to network with their peers. Soon after, the chats throughout the room shifted from tech talk to baseball banter as Astros president, Reid Ryan, entered the room.
Ryan took the stage with Accudata CEO and panel moderator, Patrick Vardeman, for a quick discussion and Q&A on the home team and their security efforts.
“There’s not that many people who want to hack our data. So we don’t have to worry about a ton of people out there. But we do have to make sure that we’re taking care of our IP. We have employees leave all the time and go to other clubs, and there’s methods that we use here and proprietary things that we do that we want to keep secure. So we’ve taken steps to do all that, from internal emails to our databases to the way that our employees access data from personal devices and company computers and everything else. It is important.” – Reid Ryan
Ryan even gave a glimpse into what matters most to the Astros when it comes to cybersecurity: the fans.
“The theft of personal data is probably more important to us. Even though the baseball data gets all of the sizzle and the news, what we worry about is how many credit card transactions and personal information we have. If you think about the Astros drawing close to 3 million fans over the course of the year with exhibition and playoff games, we’re the kings of a lot of small transactions. On a given night, we’re having tons of small transactions at the store, at the concession stands, at the ticket office, the 50/50 raffle, so we have to do a good job at protecting that personal data.” – Reid Ryan
Lunch was served, and our expert panelists took their spots up front. Brian DiPaolo, chief technology officer at Accudata, spoke from his past experiences in the oil and gas industry and current experience within an IT company; Teresa Tonthat, chief internet security officer at Texas Children’s Hospital, spoke from a healthcare perspective; and Samuel Sutton, computer scientist within the FBI’s Houston Cyber Squad, spoke from a federal government perspective.
The hour-long panel discussion more than achieved its goal of having guests walk away with tangible best practices to bolster their security posture, as all panelists drove home the importance of educating and testing their organizations' biggest targets: their own staff.
“The biggest threats we have in healthcare are our own people. You hear folks asking CISOs 'What keeps you up at night?' and many of them say it’s the human factor.” – Teresa Tonthat
Samuel Sutton followed Teresa Tonthat’s story about a practice social engineering hack with a statistic from a test a colleague ran against their own enterprise. Just to see what would happen, Sutton's colleague had sent a phishing email to every member of their organization and received shocking results.
“Slightly more than 4% clicked. Half of those were repeat clickers. Half of those had a C in front of their title. Even though your technology can be in order and you can have the hard, crunchy outside, it's the people who are the soft gooey inside, and you have to deal with that.” – Samuel Sutton
“So many people outside of IT, and unfortunately sometimes executives, are typically the folks that can fall susceptible to these types of attack vectors. Taking the time to invest in those types of exercises is always worth it and such a good learning experience for the organization.” – Patrick Vardeman
One question prompted discussion on the safety of the cloud in today’s world. The panelists agreed that the protections in the cloud have gotten stronger, but there are always risks that organizations must stay ahead of.
“Is cloud safer than it was before? Absolutely. It’s much more mature, but it all comes down to looking at the roles and responsibilities that you own as a part of that safety. Doing your due diligence to make sure that the cloud provider is meeting their requirements and going through the whole safety process.” – Brian DiPaolo
“Cars are safer than they were 20 years ago, but they still crash. Same thing with cloud. The cloud environment is safer today, but it can still crash. You still have to be careful with what you do, how you set up, and how you configure.” – Samuel Sutton
Brian DiPaolo spoke about making correct cybersecurity decisions a habit among an organization's workers to keep its environment safe.
“I think the phish testing that you can do today and the tools you can use are essential to also promote cybersecurity, but you must make it a habit. You have to do something 10+ times before it becomes nature to respond that way. You want to create a culture of people treating the data and environment that they work in the same way they’d treat their financial data at home. That’s a hard culture to create. It takes ongoing investment, and ongoing different ways because each person accepts the data different ways. It’s not a problem that you’ll ever solve, it’s an ongoing process to raise the bar as high as possible.” – Brian DiPaolo
Listen to the full panel discussion in the video below.
Accudata offers a handful of security tests and checks that can be beneficial to your company. Contact your account manager or call 1.800.246.4908 to set up a meeting with one of our top-notch security consultants today.