Achieving effective cybersecurity relies on experts from all corners of an enterprise – network systems administrators, cloud experts, data stewards, cybersecurity officers, and more. Making all of those parts work right together makes cybersecurity the ultimate team sport, and it requires all levels of an organization to understand and avoid risks to a network, said Steven Hernandez the chief information security officer (CISO) for the Department of Education (DoE).
“Cybersecurity is not dependent solely upon your organization’s CISO or IT team. It has always been and will always be dependent on everyone who interacts with the IT ecosystem,” Hernandez said during a virtual summit hosted by Akamai and FedInsider on May 11.
Hernandez explained that there is a common thread between all cyberattacks – the human element. Cybercriminals understand that the basis of an attack is to gain access to a network, and that the human element is the key to a higher chance of success.
“Even though we have incredible technology in the works protecting our networks, we still need folks in our organizations to understand – they are a target. And it takes clear communication from these cyber leaders in your organization to get them to understand that they are a part of keeping that network secure,” Hernandez said.
He highlighted National Cyber Director Chris Inglis’ efforts to go beyond just speaking with cyber leaders in an agency, but also with other leaders about cybersecurity – actions that he said have resonated throughout the Federal space.
“If we are not having a conversation about cybersecurity consistently throughout leadership in an agency, cyber practices will not resonate throughout the rest of an enterprise. And we will never be ahead,” Hernandez said.
But that team effort goes beyond just an individual agency’s rules and regulations, he explained. This also means information sharing and communication among agencies. Hernandez explained that the increase in guidance from the White House and other Federal agencies also underscores the importance of information sharing efforts in combatting cybercriminals.
“From everyday users spotting a phishing attempt on the frontlines to high-level IT experts building strong firewalls, it’s up to all of us,” Hernandez emphasized.