‘No one is immune to cyber threats’: Keeping your business safe

Jen Easterly: No one is immune to cyber threats right now. And so we all need to see this as our individual and our leadership responsibility, if you’re a business leader, to be able to protect what matters most to us.

Katie Couric: For most people and businesses, cybersecurity isn’t on the daily agenda. But should it be? This is Future Ready by Think with Google. I’m Katie Couric. Joining me today is Jen Easterly. She is director of CISA, America’s Cyber Defense Agency. Jen, great to see you.

Easterly: You, as well. Thanks, Katie.

Couric: I think people hear the word cybersecurity honestly, and they think it’s so wonky, their eyes glaze over.

Easterly: I know.

They don’t really get it. But can you explain it, to the average person, why cybersecurity is important? Who the bad actors can be and what exactly we’re trying to protect.

Easterly: Cybersecurity is essentially the networks, the systems, and the data that we rely upon every minute of every hour of every day. If you walk around with a device, if you have a phone, if you have a computer, all of that is protected in terms of the controls we put in place to make sure that we can operate without being a victim of somebody stealing our data.

Couric: I would imagine the world has changed so dramatically since you really entered this field in earnest, what, in the early 2000s? Talk about the massive changes we’ve seen and what’s behind them.

Easterly: So just think about how much the world has changed in the last 15 years. And this is a world of our making, right? We’ve built this technology ecosystem.

But this is the point that I always say: We built it for cost and performance and features and capability. We never built it for security.

So now we’re in this world, where we’ve created this insecure technology that we’re living with every day. And so we all have to come together to figure out how to secure cyberspace, and it’s got to be collective responsibility.

Couric: What about businesses? I think, Jen, a lot of businesses probably acknowledge they’re not doing enough. What would you advise businesses, small and large, to do when it comes to investing in infrastructure that will protect their assets and keep them safe?

Easterly: Well, if you’re a big corporation, your intellectual property really matters to you, right? You spend a lot of money developing that, and your customers and your clients actually rely on you to keep your data safe.

And this is what, I think, all businesses in America need to realise is that cyber risk can’t be delegated. It’s not the job of that I.T. team over there.

Cyber risk is really the purview of CEOs and boards and business leaders, because ultimately it is business risk. It’s reputational risk. And, if you’re a critical infrastructure company, it’s national security risk. It’s risk to our economic security or our public health and safety.

And so all CEOs should really embrace the fact that they need to do the basic things to keep their data and their networks safe. And that starts with hiring a security team and empowering that security team so that they have the resources and the ability to protect your firm.

Now, we spend a lot of time also working with small businesses because, as you probably know, small businesses, kind of medium size — I think of 11 people — yet they’re about 99% of the engine of the American economy.

And they don’t have — they can’t hire a huge security team. So we work with them so they have the basics of what they need to do to keep their business safe.

Basic things: How do you ensure you’re implementing multifactor authentication? How do you ensure that you have unique, complex passwords, that you’re patching all these vulnerabilities that are in your software?

Again, it seems like rocket science, but it’s really not.

Couric: It’s a lot to manage, isn’t it? And a lot to deal with. But something we need to really educate people about.

Jen Easterly. Jen, thank you so much.

There are more great conversations to help you and your business stay ready for what’s next. Make sure you’re subscribed to Think with Google’s YouTube channel and also watch the other future Ready videos on Think With Google now.