Spurring Cybersecurity Awareness and Education in Central Oregon

We’re all in this cybersecurity thing together. As we actively take part in the statewide Cyber Oregon initiative and push forward on our mission to build tangible solutions to protect the digital lives of all Oregonians, we are reminded that it takes the entire state to make that happen.

Cybersecurity is often at the center of conversation among business and information technology (IT) professionals these days. In fact, it was the main topic of discussion at the first annual Bend Cybersecurity Education Summit earlier this month in the center of our state, in Bend, Oregon. Cyber attacks and data breaches were key topics and important concerns. “Everyone in this room has been breached or will be at some point,” stated one leading cybersecurity expert and the audience responded with nodding heads. There was also ample discussion about how to protect companies big and small, available cybersecurity and networking resources, and current cyber threats.

Protecting sensitive information is critical if we want to stay in business … and thrive. According to the National CyberSecurity Alliance, half of all cyber attacks target small businesses. The Summit covered security standards, regulations, coalitions, resources, procedures, best practices—it was a day to learn from experts, and learn from each other, with examples shared and discussed. The Summit was well attended by IT security professionals from regional businesses and organizations of all types, representing a cross-section of interest from banking, healthcare, point-of-sale, local government, education, and technology. Each sector had the same question: What can we do to protect our company, our customers, and our assets from the growing cyber threat?

Some of the attendees may have been surprised to learn that their own employees could be one of the greatest sources of cybersecurity problems, with cyber criminals using social engineering techniques to break through defenses and into businesses. Employee cybersecurity training was a hot topic. One point of view was to encourage employee openness so they will come to IT if there are problems—even if they were the ones making the mistake, such as accidentally clicking on a spoofed email attachment (which happens more than we want to admit). Vendors also pose risks, especially if they have network access. One speaker suggested having the people you do business with follow the same security procedures you do, to ensure you have a similar security mindset.

Key presenters and topics included:

• Cybersecurity research, cyber health, and promoting cyber hygiene, Rebecca Craven, MPA, Center for Public Service (CPS) at Portland State University and Jess Daly, MPP, CPS at Portland State University
• Building blocks of an information security program, Leslie Golden, CISSP, president, Instill Security
• How to be PCI compliant, Tyler Hardison, CISSP, PCI QSA, director of solutions and innovation, Redhawk Network Security
• The hidden element of cybersecurity: the human element, Lewis Howell, CISSP, CEO, Hueya, Inc.
• The state of cybersecurity in Oregon; NW Cyber Camps, a cybersecurity summer camp for teens Charlie Kawasaki, CISSP, principal, Software Diligence Services, LLC
• When vendor vulnerabilities become your own, Clara Tsao, White House Presidential Innovation Fellow and chief technology officer at the Interagency Countering Violent Extremism Task Force
• Resources and support available from the Department of Homeland Security Ronald D. Watters Jr., M. ED ESLC Cyber Security Advisor, Region X, Office of Cybersecurity and Communications, United States Department of Homeland Security

You can find these presentations in the Resources section of this website.

We were honored to host the first annual Cybersecurity Education Summit along with the Technology Association of Oregon. While the day came to a close, just as the first snowflakes appeared in Bend, the cybersecurity discussions will continue. Now, with Cyber Oregon, the building and delivering of tangible solutions will also continue. Cybersecurity is a daily focus for many of us, as we are steeped in security and we all want to do the right thing. We are all in this together, throughout our state and beyond.