I recently had the pleasure of having Kiersten Todt, Managing Director of the Cybersecurity Readiness Institute, on the Endpoint Enigma podcast. After Lookout released our U.S. Government Threat Report, I wanted to dive into some of the key findings, such as outdated operating systems. Kiersten, who also served as the executive director of the President's Commission on Enhancing National Cybersecurity, was the perfect guest to have on for this conversation.
What is the biggest adjustment the U.S. public sector had to deal with in recent months? According to Kiersten, it’s the sudden need to push everything online, from a remote-working environment.
“Companies and government organizations that had prohibited working from home, all of the sudden, were forced to flip their business models,” Kiersten told me. “We relaxed everything without thinking through the security.”
Kiersten and I talked through the different security ramifications related to this accelerated digital transformation. To give you a sneak preview, here are a couple takeaways from our conversation:
Attack surfaces are expanding, cloud closes those gaps
One of the themes Kiersten and I discussed was related to outdated operating systems. “It’s like knowing a car has been recalled but you keep driving it,” she said to me, which I thought was a great analogy. As my colleague Steve Banda concluded in the Government Report, organizations are unnecessarily exposing themselves to hundreds of vulnerabilities when operating systems and apps are not updated.
Both Kiersten and I agreed that, while moving applications and infrastructure to the cloud can have its imperfections, as shown by the SolarWinds attacks, cloud-delivered apps are much more effective at managing risks.
With the Microsoft Exchange incident, SaaS customers were not affected. This demonstrates that running on-premise apps creates unnecessary risks and puts the burden of security on your organization. The reality is that even the most well-resourced organization will have a hard time performing the same level of security provided inherently by SaaS providers.
Secure mobility is not just about convenience
Another observation Kiersten shared was that securing mobility isn’t just about being able to take your phone back and forth to work. It’s about educating employees and nurturing a culture of cybersecurity in the workforce. Having broader adoption to securely operate in a more flexible work environment will ultimately attract talent and create a stronger and more diverse workforce.
There were many more insights I received from speaking with Kiersten. Have a listen to the entire episode to learn more.