author photo
By SecureWorld News Team
Fri | Sep 8, 2017 | 6:49 AM PDT

If this was the inaugural SecureWorld Twin Cities (it was), then we can’t wait to see what 2018 is like.

Here are three critical lessons shared during the cybersecurity conference in downtown Minneapolis.

Cybersecurity Lesson #1: Information Security is becoming a matter of life and death

Jason Witty, EVP & CISO of U.S. Bancorp, told a packed keynote session that because of the unprecedented nature of IoT, there must be a shift in thinking among InfoSec leaders.

It is time to move beyond just privacy and cybersecurity to cyber safety because lives are on the line.

“It’s not just about protecting your data anymore,” he told SecureWorld. “It’s also about making sure that whatever the physical manifestation is, something connected to you, the hospital you are in for care or the car you drive. It’s about the pacemaker that’s implanted in your chest and making sure these things are not going to actually kill you.”

Cybersecurity Lesson #2: There is a reason medical device makers still neglect security

Barry Caplin, VP & CISO at Fairview Health Services, told his session he is not surprised to see headlines about medical device hacks and other attacks on the health care industry.

Because so far, he says, there is more talk than action when it comes to securing the Internet of Medical Things, or IoMT, as it's called in the industry.

He also told SecureWorld why things are not changing.

“Security is an afterthought because they’re not required to do it. There is no regulatory body saying, ‘you must do this.’ Now maybe it’s going to happen going forward, there is some pending legislation in the U.S. Senate, but I think we as consumers need to push back on this, so vendors will get religion around security.”

Cybersecurity Lesson #3: GDPR may apply to you, even if you are not operating in the EU

Christopher Rence, Chief Information Security and Risk Officer at Digital River, talked about the hidden impacts of GDPR.

He says you need information, and fast, on your company’s data path through the cloud and even the third parties you do business with.

“Your data just went someplace else. It’s a lot of work to think through that, but you need to work with your business units on how your data flows. Your sales guys, your technical guys—what is happening outside your four walls?” 

And he reminded his audience about easy to overlook items like mailing lists or email addresses sales may purchase. Are you sure no one in the EU is part of those lists?

“It is like using Legos. You need to build it and see what’s missing then decide how you will address it. It could be policy, technology, or working with a vendor.”

More Insights to Come from Twin Cities Presenters

These were just three of the critical lessons learned at this inaugural cybersecurity event. And SecureWorld Twin Cities Advisory Council members say they will make an even bigger impact in Minneapolis-St. Paul in 2018.

In the meantime, follow SecureWorld on Twitter, Facebook, and LinkedIn. We’ll be sharing more critical insights from information security leaders in the Twin Cities in the days to come.

Tags: Cybersecurity,