Stanton Gatewood on Why FUD Doesn't Make Businesses SecureGeorgia Cyber Official Shares Why Awareness, Preparedness and Resilience Are Vital
One of Georgia's top cybersecurity officials urges industry leaders to shift conversations with customers from fear, uncertainty and doubt - or FUD - to awareness, preparedness and resilience.
Stanton Gatewood says security officials should discuss both user awareness and situational awareness with customers to ensure companies understand what's normal for their network and systems. From there, companies should ensure they have the right technology and personnel to detect a compromise, plus a business continuity or disaster recovery plan that ensures the attack isn't a business-ending event (see: US CISA Official: 'Forcefully Nudge' Users to Adopt MFA).
"People still don't take cybersecurity seriously unless and until they're victims. Then, all of a sudden, it's the worst thing in the world," says Gatewood, who is the U.S. Cybersecurity and Infrastructure Security Agency's cybersecurity coordinator for the state of Georgia. "You should be ready for whatever attack comes along the way."
In this video interview with Information Security Media Group, Gatewood discusses:
- Why FUD isn't a good way to educate the public about cybersecurity risk;
- Why confidentiality, integrity and availability are essential to security;
- How the cybersecurity industry should address impending retirements and brain drain.
Gatewood, a former CISO for the state of Georgia, the Board of Regents of the University System of Georgia and the University of Georgia, has more than 35 years of experience in executive leadership, cybersecurity program management and strategic planning, including the U.S. military, state and federal governments, higher education and several top 10 global corporations. Gatewood also has served as vice president for information technology and as CIO at Albany State University. He has built centers of excellence around cryptography and awareness and training and is a recent nominee to the National Cyber Security Hall of Fame.