How CISOs can gain a better understanding of their cybersecurity attack surface

At RSA 2019, Emily Heath of United Airlines explained the top security challenges businesses face.

At RSA 2019, TechRepublic Senior Editor Alison DeNisco Rayome spoke with Emily Heath of United Airlines about the top security challenges businesses face. The following is an edited transcript.

Alison DeNisco Rayome: Can you talk a little bit about why it's so important for companies to be able to understand all of their attack vectors and how to go about doing that?

Emily Heath: Yeah, so I think just some basic tenets of security in general, regardless of which business or industry you're in... First of all you have to understand your attack surface. And that basically means understanding your landscape. So if you understand what exists and what is attached to your network then you have to ask yourself, "How do I know that that is not vulnerable?" So you need to understand if there are vulnerabilities to it, then understand how you're protecting that, and then, most importantly, make sure that you understand that you have a way in order to know whether those vulnerabilities have been exposed in any way.

Alison DeNisco Rayome: And can you tell me about some of the biggest challenges or vulnerabilities that you face at United?

Emily Heath: So, United's like many big companies; I don't think that we're any different. But I think some of the big challenges we have is that attack surface and the landscape is changing constantly. We're in a very mobile environment; when you think about a company like United we're literally expanding and contracting all the time. But that's true of many other industries like medical industries as well, students in colleges, for example... Government agencies have very similar types of issues.

So I don't think we're any different to any other industry but I think just the constant changing landscape is what's difficult. And then sometimes I think the third parties that you use, which become a part of your own environment... And we need to make sure we understand that footprint just as much as we understand our own.

Alison DeNisco Rayome: And do you have any advice for other CISOs in terms of managing that constantly-changing landscape at this point in time?

Emily Heath: Yeah, share. I think the biggest thing is the more we share with each other. We certainly see it as no competitive advantage in security whatsoever. And I think within aviation we have the Aviation ISAC, which is a sharing organization. Many other industries have that also. We have some really good forums to be able to share intelligence with each other and to be able to share experiences so we can learn from each other. Because we don't have the answers ourselves; we don't have all the answers. So the more we share with each other and learn from each other the faster we'll all get to where we need to be.
