Cybersecurity on the Front Lines

The most common attack vector these days with ransomware is people. It's all about phishing, clicking on bad links, stolen credentials, et cetera, et cetera. And the key to preventing that attack vector is, of course, training and awareness. And that takes collaboration, both internally and across organizations. Our focus today is on municipalities. By that, I mean towns, cities, counties. And one of the main reasons we're talking about that is that it's critical infrastructure: police, fire, utilities. At the end of the day, it's the intel, it's the information we share that can help us better defend ourselves and prepare for the cybersecurity issues that are coming.

How do you build out a sophisticated, enterprise-level cybersecurity posture when your mid-sized organization doesn’t even have a dedicated cybersecurity team, and even your vendors treat you like a small business? Turns out, the answer is pretty old school. It’s all about building the right relationships and setting the right priorities. Today we’re talking with Tom Knutson, the self-described jack-of-all-trades for a Wisconsin-based manufacturing firm. He’s going to walk us through how he leverages his team and his own diverse skill set to keep his company safe.

For obvious reasons, financial institutions have always been a top target for cyberattacks, and almost one half of all cyberattacks target small and medium-sized businesses. So, it stands to reason that if you’re going to be in charge of security for a regional bank, you’ve really got to know your stuff. Today we’re chatting with Tyler Morgan, Chief Security Officer for Farmers and Merchants Bank, a regional bank based in Arkansas. As the CSO with a small team, he has responsibility for fraud, vendor management, physical security, and cybersecurity. He spends his time both in the weeds with the technology and at the 30-thousand-foot level, segueing from day-to-day incident response issues to higher-level priorities like compliance and security frameworks.

Municipalities, including local, city, county, and state government have unique challenges when it comes to cybersecurity. Often reliant upon IT generalists to perform the security heavy lifting, municipalities rely on an abundance of tools, and people, to get the job done. We interviewed the IT directors of two city municipalities in Texas and learned that for these organizations it comes down to people - it's about trust and relationship building, up and down the org chart. And in the end, the human element might make a bigger impact on security than shiny tools.

In this podcast, we’ll hear from Ken Kerruish, Information Security Officer at SPH Analytics, a leading healthcare measurement and analytics platform. Ken and his team are governed by the HITRUST framework, and are layered up from the outside to the core.

We’re starting a new podcast series devoted to providing practical advice to pros trying to tackle their day-to-day cybersecurity challenges in the real world. To get there, we’re interviewing a few of our partners and customers, representing organizations of all shapes and sizes, and getting to know all the tools, policies, and procedures they rely on every day. In our first podcast, we’re focusing on healthcare with Wayne Smith, who heads up cybersecurity at Firelands Regional Medical Center, a 227-bed hospital located in Sandusky, Ohio. For a relatively small healthcare organization, they demonstrate particular sophistication and expertise in cybersecurity, and they juggle their IT priorities extremely well.