We recently spoke to Chuck Brooks, President of Brooks Consulting International, Georgetown University professor, 2X Presidential Appointee, and a contributor to Forbes and other prominent media on cybersecurity and emerging technologies topics.
We asked Chuck about cyber protection, AI technologies and cyber trends, legislation, the role of personal information and data for org security, and how companies can build an effective cyber defense program. Thank you, Chuck, for sharing your knowledge with our readers!
Can you name 3 industries most vulnerable to cyberattacks?
Healthcare, higher education, and financial advisors. The first two are because they are playing a game of catch-up in cybersecurity after being heavily targeted by ransomware attacks, and the latter is because hackers also like to go where valuable data is and where the money is hosted.
What are the current major trends you see in cybersecurity?
For sure, Zero Trust, there is movement in both the public and private sectors to gain an understanding of who and what are living in their networks and systems. Secondly, Security by Design as we are seeing more attacks on critical infrastructure and legacy systems that need to be replaced. It is an opportunity to design them upfront to counter cyber and physical threats. The third is Defense in Depth. For the most part, businesses will continue to depend on layering security tools and enhancing resilience in both hardware and software.
Which countries succeed the most in confronting cyberthreats and why?
The United States leads the way, but because it is such a big target with many agencies, organizations, and companies, it is also target rich for hackers. Countries such as Israel and Estonia have been under attack and have led the way in developing innovative cybersecurity technologies from their experiences. The UK has been strong as the government works closely with the private sector. Finland and Singapore are also known for their innovation.
How can artificial intelligence aid cybersecurity?
By prioritizing and acting on data, AI algorithms can facilitate more effective decision-making, particularly in bigger networks with numerous users and factors. Finding, classifying, and combining data are incredibly useful skills for reducing cybersecurity risks. Also, cybersecurity can benefit from the application of AI and ML in the domains of threat intelligence and network surveillance. And AI and ML can also help Security Orchestration Automation and Response (SOAR) products.
How does cybersecurity impact the development of artificial intelligence technologies?
Computing systems that use artificial intelligence (AI) and machine learning (ML) are increasingly essential to cyber operations and have become a major emphasis area of cybersecurity research development. Security operators must be aware of everything on your system and be able to identify anomalies quickly, such as malware or misconfigurations, to stop breaches in today’s hyper-connected digital world. In a holistic sense, AI technologies can aid in defending against ransomware, social engineering, and malware that is becoming increasingly sophisticated and destructive.
What new laws and regulations are needed to improve cyber protection?
One of the top challenges in cybersecurity has been getting democratic governments, agencies, and industry to cooperate in a strategic manner. Enactment of a general working framework among Western allies is pinned on a willingness for cooperation. This will require stronger global laws in response to criminal hacking activity. In addition, more privacy laws will have to be enacted to address the implications of deep fakes and identity theft in the era of AI. The recent SEC requirements in the United States that hold companies responsible for disclosing hacks can serve as a regulatory means of cyber awareness.
Which major cyber incidents in recent years have been most significant and educational?
There has been a spate of high-profile cyber-attacks including SolarWinds and Colonial Pipeline that shook the fabric of the cyber-threat ecosystem. SolarWinds because it demonstrated the sophistication of threat actors and the ability to move undetected in lateral networks, and Colonial Pipeline as it showed the vulnerability of supply chains and the interdependence of OT and IT operating systems. Every day there are new breaches, so if I listed them it would be 100 pages!
How do you evaluate the level of cybersecurity professionals’ training today?
You can evaluate the training by gamification, simulation, and blue team/red team exercises. Also, certifications, experience and degrees all play into the equation of hiring.
What skills are currently most important for cybersecurity experts?
Same as most professions, soft skills, especially communication skills, are essential. A willingness to learn and train to get better on the technical elements of the cybersecurity role is also critical.
How well do you think companies are focusing on cyber protection issues today?
Not well. It is an ongoing challenge and it starts with budgets. Most companies look at cybersecurity as an afterthought or a cost item. But it is not, it is a means to survive and thrive in the digital age going forward. Until companies lose their myopic perspectives, it is going to be more of the same.
What typical mistakes do companies make when implementing cyberdefense programs?
They do not start with a risk management strategy that is tailored to their industry, threats and capabilities. They can get lost in the noise of products and often do not have the cybersecurity talent on board to administer and orchestrate both cyber policies and tools.
How do you see an employee’s personal information (address, phone, email, family, etc.) exposed online affect organizational security?
It happens all the time, including with governments. It is a huge issue as that personal information exposed can be a commodity on the Dark Web and fodder for more attacks.
What measures should companies take to protect confidential customer, partner and employee data?
Encrypt the data, isolate the data, back up the data, and keep track of who has administrative access to the data!
How can small companies ensure robust cyber protection on a limited budget?
They can do basic cyber-hygiene such as strong passwords, multifactor authentication, and use firewalls, VPNs, commercial encryption, and anti-virus programs. Also, they can consider using a Managed Service Provider to do their security for them.
What about large corporations? What are the key success factors in building effective cyber defense systems for them?
They need more C-Suite expertise that includes the CISO, functioning Security Operation Centers (SOCs), and ample budgets to counter the growing sophistication of threats. If they are involved in critical infrastructure, they need involvement with government and participation in public/private threat detection and mitigation programs.
How can developers balance usability and security in digital products and services?
I think they have a responsibility to examine security first. CX and usability can follow.
How do you evaluate the level of average users’ cyber literacy? How can they improve it?
Poor. I suggest they read about cybersecurity on social media as often as they can. Here is a primer for cyber-hygiene.
What are the key things average users should know about cyber hygiene and personal data protection?
Cyber Hygiene is an essential element for any company or individual. Strong passwords, multifactor authentication and knowing not to click on a phish can be accomplished by the basics. Most successful malware attacks are the result of human negligence. Individual cyber hygiene can make someone less of an easy target for hackers.
Can you recommend a few sources of information about cybersecurity to people who want to stay ahead of cyber threats?
- My newsletter on LinkedIn called Security & Tech Insights
- My LinkedIn profile
- Here are some of the media sources I read and publish in: FORBES, Chuck Brooks.
- The Cyber Express
- GovCon Wire
- Top Cyber News Magazine
- Homeland Security Today
- Cyber Theory
- AT&T Cybersecurity
- Dark Reading
- US Cybersecurity Magazine: Chuck Brooks
- Bizcatalyst360 Chuck Brooks
- Cognitive World: Chuck Brooks
- Security Info Watch
- CIO Inc
- Cyber Security Hub
- Bank Info Security
- IIoT World
Which new technologies will drive cybersecurity advances in the next 5 years in your opinion?
In a nutshell, emerging technologies are impacting the sector in the following categories–artificial intelligence, machine learning, cybersecurity, digital transformation, 5G, internet of things (IoT), quantum and high-performance computing, cloud and edge computing, augmented reality, big data, virtualization, smart cities, wearables, 3D printing and material science. It is going to be an exciting ride!
About Chuck Brooks
As the President of Brooks Consulting International and a consultant with over 25 years of experience in cybersecurity, emerging technologies, marketing, business development, and government relations, Chuck helps Fortune 1000 clients, organizations, small businesses, and start-ups achieve their strategic goals and grow their market share.
Chuck also serves as an adjunct professor at Georgetown University, where he teaches graduate courses on risk management, homeland security, and cybersecurity, and designed a certificate course on Blockchain technologies.
As a thought leader, blogger, and event speaker, Chuck has briefed the G20 on energy cybersecurity and the US Embassy to the Holy See and Vatican on global cybersecurity cooperation. He has served on two National Academy of Science Advisory groups, including one on digitalizing the USAF, and another on securing BioTech. He has also addressed USTRANSCOM on cybersecurity and served on an industry/government working group for CISA focused on security space systems. Chuck has been named “Cybersecurity Person of the Year” by Cyber Express, Cybersecurity Marketer of the Year, a Top Cybersecurity SME to Follow, and a “Top 5 Tech person to follow” by LinkedIn. He is also a contributor to Forbes, The Washington Post, Dark Reading, Homeland Security Today, Skytop Media, GovCon, Barrons, The Hill, and Federal Times.
In his career, Chuck has received presidential appointments for executive service by two U.S. Presidents, and served as the first Director of Legislative Affairs at the DHS Science & Technology Directorate. He has also served in executive roles for companies such as General Dynamics, Rapiscan, and Xerox.
Chuck has an MA from the University of Chicago, a BA from DePauw University, and a Certificate in International Law from The Hague Academy of International Law.