In recognition of Pride Month, Security Ledger attended (Not IRL) Pride Summit 2021 by Lesbians Who Tech & Allies, an organization dedicated to promoting Queer visibility, inclusivity, and leadership in tech. This report by Carolynn van Arsdale is of “The Future of Cybersecurity” a conversation between Ina Fried, Chief Technology Correspondent at Axios and Mastercard’s Dr. Alissa J. Abdullah.
When Alissa “Dr. Jay” Abdullah was asked to introduce herself, she mentioned that when she was younger, many of her friends told her that she looked like Janet Jackson. Viewers at this point of the Talk might have been confused to hear a cybersecurity executive mention an R&B legend’s name at this event.
However, Abdullah had a larger point to make in mentioning the iconic singer: whenever a bank or insurance company asked her to create security questions for her profile, such as “what street did you grow up on?” or “what is your mother’s maiden name?” she would use Janet Jackson’s information instead of her own. Why? To prevent hackers from accessing her accounts so that she could be safer online.
Abdullah, Deputy Chief Security Officer at Mastercard, shared her expertise in this Talk about the future of cybersecurity at the Lesbians Who Tech & Allies (Not IRL) Pride Summit. Outlined here are the main takeaways from this session that every tech professional should know.
In the past year, the SolarWinds and Colonial Pipeline attacks have forced businesses and governments alike to reconsider their security strategies. When asked about these incidents, Abdullah stressed that in the areas of information technology and critical infrastructure, we as a society have become “too comfortable” with our security strategies.
These industries and our governing bodies did not think twice about attacks of this scale occurring and creating as much damage as they did, according to Abdullah. “Cybersecurity has turned into an attack on trust,” she said.
Abdullah believes that many industries and critical infrastructure sectors have not been built with cybersecurity in mind. In order to change this, Abdullah feels that we as a society have to lower the level of trust that we have in ourselves and others in an effort to protect these essential institutions and prevent another SolarWinds-like attack.
What does the Average Joe know about cyber?
At the root of the problem is poor cybersecurity literacy, according to Abdullah. That leads to broken security strategies that leave many Americans vulnerable to hackers and cybercriminals. Abdullah noted that her own mother would be prey to pressing a “sketchy” link that popped up in her email inbox. At the individual level, cybersecurity has been presented to the general public as too heavy and too complex, making it seem scary and erecting barriers for those who know little about it to become better informed.
Abdullah reminds us that the cybersecurity community as a whole needs to think more about opposing generations and cultures’ abilities and to come up with more accessible security strategies for the general population. Security tools such as passwords and verification phone calls are “broken” she said and will not suffice for creating a more secure future. Instead, Abdullah advocates the creation of a “security-aware community” that promotes and normalizes a zero-trust environment online and which goes hand-in-hand with giving everyday Americans the tools they need to protect themselves.
Ransomware’s Vicious Cycle
Asked about the current plague of ransomware attacks and whether the future will be free of it, Abdullah sounded a note of pessimism. “I’m not sure we will,” she said. The rapid growth of online data and ever-growing reliance on the Internet create more targets for ransomware groups to exploit. This is why Abdullah believes we have to be “vigilant” in protecting the technological infrastructure of our society. “We have to be better constituents of our data,” she said.
Abdullah stressed that “we as technologists have to do more,” to better educate and share the tools that are being worked on to fight ransomware. She believes that it’s up to large and powerful companies with these tools to work with other entities, such as the public sector, smaller businesses, and even individuals to combat the vicious cycle that is ransomware.
The attack on the Colonial Pipeline, she said, demonstrated that in order to prevent future cyberattacks, there needs to be a strong public-private partnership in an effort to maintain social and economic stability. Abdullah noted that “the government should encourage action” in an effort to combat cyber risks to the U.S., but also that the public sector cannot go at this alone. “The more we share and go into this as a partnership, the better we are,” she said.
The Need for Partnership
Abdullah stressed that the private sector has as much of a responsibility to fight this fight as our governing bodies do. She painted a birds-eye view of the greater picture we need: a collaborative and forward-thinking community that educates the ill-informed public of the risks out there that also creates cohesive solutions to deal with cyber attacks.
Abdullah believes that “we all have a responsibility to reach out and touch our community,” and that this is the avenue that must be taken if we have any hope in combating cyberattacks that will only become stronger and more technologically advanced as time goes on.
If we as a society want to break down the “Quagmire” that we have created for ourselves, Abdullah strongly feels that a new, bold, and untraditional path must be taken, and that everyone should take it.