Posted by Ted Noakes on Jan 23, 2018
Gary Perkins, Executive Director, Chief Information Security Officer (CISO), at Province of BC, enlightened the members on what the Government is doing to keep our data secure, and what we should be doing too.     
Mike Koessler introduced our speaker, Gary Perkins, the Chief Information Security Officer for the Government of BC.
 
Gary started his presentation by talking about the challenges faced from external threats. with 65 billion ways a hacker can access the government information and 160,000,000 attempted attacks daily.
 
He discussed the challenges in finding people with 209,000 cyber security positions unfilled in the US right now and an estimated 3.5 million gap expected worldwide in the future. This is further complicated by the lack of a formal training program for cyber security professionals.
 
Gary expanded on media reports regarding hacks, demonstrating on Norse Map where attack come from. He expanded on how pronouncements that hacks originate in particular countries often do not reflect the reality of where they truly originate but rather seem to reflect political agendas of those reporting the hacks. In particular, hoe noted a penchant for the FBI to lay blame at the feet of hackers in particular regions when it is politically expedient.
 
Gary then described how hacking and cyber espionage can impact organizations and countries. He gave the example of the National Research Council where hackers broke in and the cost could amount to $300 million. He also gave the example of the Bangladesh Bank where $80 million due to poor security but, for not the mis-spelling of the word "foundation" ("fa" instead of "fo") the cost would have escalted to $800 million.
 
He identified the different types of hackers, ranging from juveniles having fun, to "hacktivists" to organized crime and national states. The threat, he said, was " advanced and persistent".
 
Lastly, Gary discussed the reasons for hackers to target government sites. These can range from the desire to gain economic advantage to wanting a foothold via a "trusted site" to gain access for other nefarious attacks against others.
 
In conclusion, Gary discussed that cyber security was not just an IT problem, but an organizational and enterprise problem as well. While not totally preventable, 80% of problems can be solved by doing "the basics". For this he suggested that people Google "defensible security".