Cybersecurity is a ‘continual battle,’ but industry can’t be ‘complacent,’ experts say

YARMOUTH, Maine—With the rash of nation-state cyberattacks in 2024, as well as the assault of ransomware attacks impacting critical infrastructure and businesses, cybersecurity experts cited three key elements in preventing future incidents.  

During the most recent Security Insights webcast, “Structural Integrity: discussing cybersecurity for an uncertain future,” moderated by Security Systems News Managing Editor Ken Showers, panelists offered advice on how to tackle the problems facing cybersecurity and physical security experts in the next five years.  

Sandy Jacolow, SVP, chief technology officer for Empire State Realty Trust, pointed out some lessons learned from major cyber incidents in 2024 and offered advice on how organizations can apply them moving forward.  

“We know it's a continual battle, and we're only as good as the last event that we stopped and the one we're about to stop,” he said. “For us, the biggest focus is spending time on training, education and raising awareness on cyber threats.”  

Will Knehr, global cybersecurity advisor and senior manager of information security and data privacy for i-PRO Americas, stressed that practicing basic cyber hygiene is “still king.” 

“Even with these advanced threats, basic cyber hygiene like multi-factor authentication, patching and updating your systems, segmentation of your networks, VLANs, all of these things remain some of our best protection mechanisms against these advanced threats,” he noted.  

Addressing the dangers posed by ransomware. Min Kyriannis, CEO of AMYNA Systems, cited two driving factors in the surge of these malware attacks – easy money and accountability.  

“Think of it this way – there are actually call centers for ransomware attacks. ‘Please call this number, and they'll teach you how to pay the ransom, and we'll give you the key to unlock,’” she explained.  

As for the second factor, Kyriannis noted that if you don't force people to take accountability for their actions and urge them to be more vigilant when it comes to, for example, recognizing what’s a phishing attack and what’s not, businesses are going to pay the price in more ways than one.  

“I think we live in a world where people are complacent with technology, and it's been like this for the past decade,” she said. “Unless we start changing that M.O. and how people react to these surges, the businesses themselves are going to be at risk,” she explained. We can be very vigilant in doing what we need to protect the company, but people are always the weakest link. Unless you train the people, something's going to break.”  

You can find the full webcast online at www.securitysystemsnews.com/webcasts.