As part of its 2013 Cybersecurity Summit, Washington Post Live convened leading national security officials, industry experts and journalists for conversations addressing cyber risks and the future of cyber defense.
Bob Stasio, former chief of operations, NSA Cyber Center; chief executive, Ronin Analytics
If you’re a company, the best thing to do is to understand that there is kind of a limit in investing in static security measures. At some point you have to realize you’re going to get hit and you have to realize when that happens. So it’s having situational awareness of what’s happening in your network, so you can find the threat in 10 minutes or 10 hours versus 350 days, and find specifically where it occurred and remediate it.
I would say for an individual, the best thing you can do to make yourself not a target is understand what information is on the Internet about you. That means Googling yourself, setting up Google alerts, understanding what you’re putting on your social media profile. I practice abstinence when it comes to social media. I actually don’t have a Facebook account or a Twitter [account]. That’s really the best way to do it. But really, it’s understanding what’s out there because anything you put there, your birthday, where you went to high school, your husband’s name, your dog’s name — all those can be used to target you. For example, if you lost your bank account password, I can go on and try to figure out the secret questions by information you posted on social media.