Jim Haring on CyberSecurity
Jim Haring, Chief Information OfficerOne often thinks of cybersecurity with regard to government agencies, financial institutions or high-speed trading platforms. But now, more than ever, cybersecurity is vitally important for public transit agencies.
At MV, the threats we currently think about most – the ones that keep us up at night – are those involving financial transactions, emails, and bank transfers. It is critical for maintaining security that every organization is employing two or three modes that verify these areas.
Another concern relates to the pandemic. So many organizations have implemented virtual work arrangements. That might not be out of the ordinary for other industries, but in transit our work has traditionally been very physical … yet now we have people that are working from home, and they can be very susceptible to cyber threats. IT departments are usually on point for protecting organizational assets and setting security policy, but they can’t control every user in every setting.
We recommend that transit agencies do several things to protect themselves. First and foremost, be humble. Cybersecurity is a thankless job. Bad actors wake up every day and no matter how strong you think you are, criminals are always looking for a new weakness to exploit to penetrate your defenses.
Next, recognize that cybersecurity is a long, multi-year road map and journey. You cannot get there all once. We think the right path is ‘zero trust,’ where no one inside or outside your organization is trusted until their identities are confirmed. We’re happy to share the methods required for that approach with our agency customers and partners so that we go on that journey together.
We also recommend pursuing independent risk scoring, independent baseline testing, and an outside view of your security posture.
Finally, and perhaps the most important element of cybersecurity, is conditioning your user base to be diligent about cybersecurity and aware of possible threats. Ninety percent of attacks happen through inadvertent actions of users, so training and vigilance among this group is paramount.