Karl Betz, Director of Infrastructure, Risk Management and Chief Information Security Officer, TDS Telecom
Every day presents itself with new challenges in the cybersecurity world. As the director of infrastructure, risk management and chief information security officer for TDS Telecom, I find we are constantly confronted with different threats from cybercriminals. When I think about top threats and emerging trends facing security today, they are:
Top Two Threats:
1. Third-party risks, specifically Software as a Service (SaaS) and cloud computing
2. Outside threats that target our employees Top Emerging Trends:
3. The California Consumer Privacy Act and other privacy laws
4. Shortage in cybersecurity employees
5. Use of data, artificial intelligence and machine learning
1. There are benefits and risks to SaaS solutions and Cloud computing. The capacity, ease of installation and maintenance, and the quick access to services have made working in the Cloud very appealing to users. However, we know and understand that hosting data in the cloud or with a SaaS provider present different risks than traditional approaches.
Protecting our customer’s data is extremely important, which is why we ensure all third party contracts have strong security and privacy language so that we have clear expectations put forth and recourse should there be any type of event. While cloud services and SaaS platforms generally offer strong security measures, it’s critical to tailor these settings to fit the specific needs of our organization and to perform our own assessments of their solutions to validate the adequacy of their controls. It also important to note that cloud and SaaS solution are not inherently more risky or insecure than traditional methods, but they do present different risks that require vigilance and as a security organization our role is to enable our business to evolve, move quickly, and do so in secure manner.
2. The most successful attack vector for attackers are humans. As much as we educate our employees about phishing scams or the dangers of visiting malware-laden websites, someone will still “click”. To help counter these situations, TDS has invested in various controls that provide layers of defense that help block attacks and detect potential threats. It’s an area that we are constantly tweaking and improving.
1. TDS provides services in 30 states, including three locations in California. The California Consumer Privacy Act (CCPA) is considered to be the most comprehensive in the country and is designed to give consumers more control over their personal information. The law is set to take effect January 1, 2020. We have been making the necessary investments to comply with CCPA. We anticipate that other states will enact similar laws, so the processes and controls we’ve put in place for the California law, are being developed in a manner that will enable TDS to comply with other state privacy laws as they are enacted.
2. As cyber threats continue to become more sophisticated, there certainly is a challenge to find and hire skilled cybersecurity professionals. TDS is very supportive of universities and trade schools that are training more students in cybersecurity programs. I know all too well, how tough these jobs are to fill. To help in these efforts, I have been asked and have agreed to serve as an industry member on a newly created advisory board that will be providing input on curriculum, marketing, and recruitment for future cybersecurity professionals for a local university. I am very optimistic that public-private partnerships like this will lead to more students going into the cybersecurity field.
3. A final trend and one that is gaining more momentum, is leveraging more and more data along with machine learning to identify threats. Security organizations have always been big users of data, but there have been great advancements in technology that allows security teams to capture and aggregate data for any host/ system in your network and then leverage machine learning to have a computer look for and flag anomalies that may be indicative of a security risk. The maturing of technology in this space is one thing we are looking to in order to help address the shortage of security professionals in the marketplace today.