Former Secretary of Homeland Security, Michael Chertoff says hacking and breaches are inevitable. At an annual Cybersecurity Conference, he said, “If your view is ‘prevention, prevention, prevention… that is going to be doomed to failure. You are not going to eliminate the risk of cyber attacks; this is about managing the risk.”
The keys to cybersecurity, according to Chertoff, lie in evaluating risk, vulnerability and consequences. The potential hackers could be motivated by money, desire to get information, and through political ideology. It is important to assess accurately vulnerability to be pre-emptive if there is an attack. Finally, there has to be a system in place to deal with attacks once they have happened, similar to the way the human body deals with fighting off an infection. Strategies should be in place long before an attack happens, and the assumption that breaches won’t occur is false. Systems should be evaluated for resiliency and there has to be effective collaboration if there is an attack.
Chertoff concluded with, “I wish we were as fanatic about cybersecurity as we are about Ebola.”