Cybersecurity Update Terin D. Williams - DHS - CISA
Hosted by Box and ASMGi Southern Tier Brewery - Cleveland
March 9, 2023
It's been a while since peers could gather in person and learn about and discuss important IT and Business issues. So it was great to see so many people out and about at this event sponsored by Box and ASMGi.
Box, Inc. is based in Redwood City, California. It develops and markets cloud-based content management, collaboration, and file sharing tools for businesses.
Chris Lewis, Box Account Executive, Carmen Pescatrice, Box Senior Solutions Engineer and Gail Willis from ASMGi
ASMGi is a Cleveland Ohio based managed services provider focusing on optimizing the core areas of IT, while blending in modern technology and processes where it makes sense. They orchestrate these together in what they call ONEteam to provide a comprehensive view of technology in an enterprise.
Steven Roesing, CEO of ASMGi
The hot topic that drew the large crowd was Cybersecurity with a presentation by Terin D. Williams, Cyber Security Advisor, Ohio, Cybersecurity & Infrastructure Security Agency.
Terin D. Williams
Because of the number of questions, Ms. Williams strayed from the presentation and addressed the many questions from the audience. For example, when asked for her top 4 basic strategies for Cybersecurity she offered:
Multi-factor Authentication
Network Segmentation
Immutable Backups
Establishing a Baseline and then Centralized Logging
An immutable backup is a set of backup data that, once written, cannot be changed in any way. That means you can't change it, your CIO can't change it, the manufacturer of the backup system can't change it, nobody can change it - not even ransomware.
This video is some of her responses to questions including whether Ransomware incidents have decreased and how business e-mail compromises are more prevalent now than ransomware. She mentioned trends of attack in Ohio which were Healthcare, Water Plants and Schools and the current big targets of Transportation and Manufacturing.
She stressed the need to not only have incident plans in place but also to rehearse them. I asked her if the TikTok app should be banned in her opinion and she told of how when the reverse engineered the app the data was going outside your own network.
She said that the Silver Bullet of Cybersecurity is people. As seen in the following video, in response to a question she stressed the need to educate your people and practice incident response. Use all the basic tools such as using complex passwords and training people not to click on email links. She suggested that you train your Cybersecurity people on Offense and train your IT people on Defense.