SEATTLE – As a senior special agent at the FBI, Mary E. Galligan supervised the FBI’s probe of the 9-11 terrorist attacks and other high profile cases.
Galligan recently retired after 25 years’ government service and joined Deloitte & Touche’s security & privacy consulting practice. CyberTruth asked her to share some insights gained from the front lines of cyberwarfare.
CT: How far has global law enforcement of cybercrime come?
Galligan: Global law enforcement of cyber threats has grown significantly, especially in the past few years. The FBI has 65 offices outside of the U.S. working closely with other law enforcement agencies to combat threats to our country, including cyberthreats. Both the FBI and U.S. Secret Service participate in International Cyber Task Forces around the world. Working together makes everyone safer.
CT: What should companies be doing more of?
Galligan: When you consider that 5 billion devices globally are connected to the internet and 85 percent of the United States’ key infrastructure is in the hands of private companies, it is clear that the risk posed by cyberthreats is very real.
It is important for companies to have a plan in place to contain and mitigate the damage from attacks, and to have a system in place for a quick and successful recovery. This is where cybersecurity is going. It’s about resiliency and having a strong recovery plan in place. Each company faces a unique set of risks and must make cybersecurity decisions based on the specifics of their respective situations.
CT: Who’s the bigger threat, cyberrobbers or nation state spies?
Galligan: While nation states often are capable of the most sophisticated attacks, individual cyberrobbers or hacking collectives can pose an equally serious threat. The most important thing for companies to do is to assess what their most valuable information is, then do everything possible to protect it no matter who the enemy might be. This includes everything from using a secure and well-mapped network, to training personnel and enforcing strict security protocols.
CT: How should enterprises assess the privacy wild card?
Galligan: As we work to secure our systems we must always balance the need for privacy. Companies need to keep their finger on the pulse of what is expected by their customers and employees when it comes to protecting their privacy.
CT: Will things get better?
Galligan: Cyber threats are constantly evolving, but so are our defenses. Cyber security will always be an arms race. Companies need to create a culture in which the responsibility for cybersecurity lies with each employee across every device they use, and this culture begins in the C suite.
I see great promise – and need – for increased collaboration between government, corporate America, and academia. Increased collaboration across these three sectors will be immensely important for the field of cybersecurity moving forward.