Laura Galante: “Cyber threats are much more dynamic than most other traditional threats”

24 Вересня, 2021

Recognized as a leading authority on state cyber operations, Cyber Security Executive Laura Galante, equips governments and corporations to respond effectively to cyber and information threats. Her recent work includes testifying on acts of cyber warfare in matters of international insurance litigation, attributing major cyber-attacks and network intrusions, developing a cybersecurity framework for a Ukrainian government agency, and directing analysis for the Ukraine Election Task Force. Ahead of Laura’s talk at IT Arena, we quickly chatted with her about the importance of cyber literacy, the scale of the cyber threats today, and the current initiatives she’s working on.

Could you please tell us how your career in the cybersecurity field started?

My interest in international relations and national security issues were spurred by the September 11th attack on the U.S. After university, I was hired to work at the Department of Defense, and in those early days of my career, it became clear that cyber threats from nation states, like Russia and China, would be the weapons of the future. I became deeply interested in developing ways to counter these existential threats. 

Are you currently engaged in any cyber diplomacy initiatives?

I am here in Ukraine to support the US Agency for International Development’s partnership with the Government of Ukraine and their combined efforts to improve the cybersecurity of critical infrastructure.

What is most important in analyzing cybersecurity threats? What should be focused on when building a risk-responding strategy?

Cyber threats are much more dynamic than most other traditional, kinetic threats. Your adversary can write new code, use new online infrastructure, and change targets in a matter of hours. Defenders – and that includes analysts and executives – have to focus on what they value most, not what’s easiest or most difficult to protect.

Do you agree that cybersecurity should become more personalized? Do we need cybersecurity solutions for businesses depending on their cyber-risks? 

Yes. Every organization has a different risk profile and a different level of risk tolerance. This will dictate the solutions and team that an organization needs to build (or buy.)

In post-pandemic when everything turns to remote mode should cyber literacy be popularized? What is the value of such knowledge?

There is still an enormous gap in the general public (that includes most employees!) awareness of cybersecurity practices. Most people don’t enable two or multi-factor authentication – and that’s the easy stuff. Organizations and governments need to integrate cybersecurity training and protective measures into the baseline functions of their employees’ jobs.

Do you think we lack cybersecurity specialists on the global market?

Yes, there is serious demand for cybersecurity professionals globally. Many early and mid-career professionals see the larger technology industry as place to build an exciting career. Cybersecurity is still racing to catch up to the explosive growth of the tech sector over the last 25 years. Ukraine’s highly educated and technically savvy younger generation are well-positioned to help meet the demand for more cybersecurity professionals.

The remote work caused more weaknesses in the cybersecurity network and opportunities to penetrate into it. Do we need some smart cybersecurity systems in the IT industry and other spheres?

More and more people are able to conduct their work remotely and log into a corporate network from their own device. This has made the attack surface larger for many network defenders. There is a continued need for authentication, identity management and other verification products. Implementing a “zero trust” strategy across networks is also important to limit unauthorized access to the most valued parts of a corporate network.

What are the risks of the era of information? Would you give us some tips on how to protect personal information in the age of digitalization?

Always keep your guard up – never click or tap on a link or app if you don’t think it’s trustworthy. That sounds very basic, but your trust is still the number one target.

You have been working with the Ukrainian government during the elections, making direct analysis for the Ukrainian Election Task Force and developing a security framework for the Ukrainian government. What do you think about the state of cybersecurity in Ukraine?

Ukraine is the front lines for Putin’s disruptive tactics, including major cyber attacks. What the Russian government tries against Ukraine frequently takes place later in Europe and the U.S. This puts Ukraine in a vice grip of sorts – Ukrainians see new tactics and have to defend against them without the benefit of hindsight or allies who have suffered similarly. Security is never perfect and security professionals never rest – the many Ukrainians I’ve worked with over the years feel the same way.

Please give us a preview of your IT Arena 2021 talk.

I think many times tech professionals hear “Russia does this, China is doing that” and they tune out or feel like those are very remote scenarios for their work. In my talk at IT Arena, I’d like to turn that notion on its head and get tech professionals to think a bit more like their adversaries and give their own products and services a fresh look with an eye towards security.

Laura Galante’s appearance at IT Arena is supported by the USAID Cybersecurity Activity.

Learn more about Laura and her talk .