With cyber threats and security breaches ever-growing in frequency and scope worldwide, several new and evolving cybersecurity efforts position the University of Wisconsin–Madison to maintain its full-court press to protect our information, systems and data.
That was the message shared by UW–Madison Office of Cybersecurity leaders at a Cybersecurity Awareness Month panel discussion highlighting some anticipated areas of focus in the coming year.
“The bad guys are going to continue to be actively trying to find out what we have and see how they can monetize it, or see what they can do with it,” said Chief Information Security Officer Bob Turner. “The scenery does change, but the fundamentals stay the same. We have to understand that if we collect data, we have to protect the data.”
So, how does the cybersecurity team intend to keep these “bad guys” at bay? It’s a complex, multi-pronged battle, with a few key themes emerging on the horizon—including maximizing automation, mitigating risk, and changing the way the university offers cybersecurity awareness training to the faculty, staff and students who are often our first line of defense.
Why is automation an important element of a cybersecurity strategy? Security experts say it’s in part because automation of cybersecurity management and measurement tasks makes data collection faster and more efficient. At the same time, by eliminating some tedious, time-consuming work, IT security experts’ time and energy is freed up to focus on higher-priority responsibilities—and ultimately, their expertise can be proactively directed to bigger cybersecurity threats.
“If you think about it in a framework of orchestration, administration and remediation, those are the things we need to be able to do at some point along the way,” Turner said. “So we’d like to be able to automate as many security tasks as possible.”
Key areas of focus in increasing automation include threat intelligence, cloud security, data security, enterprise mobility and the automation of activities within the university’s Cybersecurity Operations Center (CSOC).
Another area of focus in the coming year is the “continuing journey” to automate risk management functions, Turner said.
These efforts will involve putting new tools in play to manage workflow and efficiency, focusing on cloud security, data security, email security, and the risks associated with the many contracts across the university with third-party vendors.
“This is important considering all the systems we’re feeding into, and the systems as a service that we’re getting from the cloud,” Turner explained.
The year ahead will also bring a new approach to increasing security awareness among the entire university community, Turner said, as he introduced a new “microlearning” approach to annual cybersecurity training.
The new approach dovetails with UW–Madison’s theme for last month’s Cybersecurity Awareness Month: “Do Your Part. #BeCyberSmart.” The theme was selected to highlight the role that individuals play in protecting their parts of cyberspace, stressing personal accountability. And with criminal elements continually ramping up the sophistication and frequency of their efforts to gain access to the volumes of data we hold at UW–Madison, it’s an important theme to carry forward.
So, rather than offering the standard one-time, one-hour annual cybersecurity training next year, the Office of Cybersecurity is looking at shifting to a series of smaller, shorter learning opportunities for faculty, staff and students to increase their security knowledge throughout the year, Turner explained.
“You basically only have 4-5 minutes of learning potential in a given workday, because of everything else going on,” Turner said. “And that learning is better retained when you do that ‘microlearning’ experience.”
In the new microlearning approach, incentives may be offered for going above and beyond minimum targets, offering the opportunity to learn more for those motivated to do so.
Cybersecurity Forward Award-Winners
In case you missed it: In the last issue of TechNews for faculty and staff, we introduced the key players in cybersecurity initiatives who were honored at the October 26 Cybersecurity Awareness Month event. Learn about the honorees’ wide-ranging efforts to protect UW–Madison’s cyberspace.