Jen Easterly is one of the leading voices on cybersecurity in the United States. During her keynote at Securing Tomorrow Now, she explained the urgency of the problem - a cyber-attack takes place every 30 seconds - and how we can guard against it. Industrial Automation was there and summarises her five lessons.
Easterly's love of technology and the power of data began with the US military in Iraq in 2007. The mission for her and her team was to build a system that could analyse data from satellite and mobile phone networks to stop terrorists. “It was more trial than error during these six weeks, but eventually, thanks to enough imagination, cooperation and entrepreneurship, we had a system ready that led to the arrest of thousands of terrorists.” She subsequently became director of CISA (Cybersecurity and Infrastructure Security Agency), the first organisation in America to care about cyber defence. “CISA was created to protect the critical infrastructure and networks that shape everyday life,” she says.
In 2007, when it all started for Easterly, we were just at the beginning of the digital revolution. It was the year the first iPhone was launched. By 2025, three billion have been sold, 22,000 videos are uploaded to TikTok every minute and we have launched 7.2 billion Google searches. “The world has digitised at lightning speed, and the amount of data has exploded. But with more platforms also come more vulnerabilities. And this is being exploited to steal data, misuse it and use it as a weapon against us. Those who see investing in cybersecurity as a cost are wrong. See it as a competitive advantage. Security builds trust and trust makes businesses prosper,” she sums up.

“Cybersecurity is not the responsibility of the CIO (chief information officer), but of the entire team. You have to build a proactive culture to anticipate threats. And for this, people also look to the top, who must allocate sufficient time and resources to set up adequate protection, and who need to keep the threshold low for reporting cyber incidents. Those are the best signals for your defence.”
“Your people are your first and most important line of defence. However, a course every year to refresh the basics is not enough to build a cyber-secure culture. It has to become second nature to them, so make sure there are constant training sessions. But then make them interactive and engaging. With GenAI, for instance, you can practise simulations. With the basics - installing updates, better passwords, thinking before you click, multifactor authentication - you keep 98% from attacking.”
“We pick too much from our software vendors. Therein lies the big problem. If their products were inherently secure, it wouldn't matter if an employee clicked wrong. He may be the trigger, but never the cause. That lies with the manufacturers who do too little for cybersecurity. Most of the time, the same vulnerabilities are exploited. The issue is not a patch, but why it is needed. And what a software provider is doing to build a more secure ecosystem. We need to make ‘secure by design’ a purchasing criterion. JPMorgan Chase, the world's largest bank, is doing that now. There will be others to follow.”

“We have to prepare for the worst. Chinese software has been found at US agencies responsible for transporting and distributing water. In the event of an attack on Taiwan, a cyber attack on those institutions was supposed to help create panic and reduce a US response to the attack. Europe is not immune to such tactics either. The better prepared you are, the faster you can recover from an attack and the stronger you come out of it. Imagination and resilience make the difference.”
“The Joint Cyber Defense Collaborative is a great example. That includes thousands of partners from different sectors sharing information on threats. Everyone in such a network benefits from the shared knowledge and awareness. In a world of disruption, relationships are crucial to protect companies.”