If you want to cover the breadth and scope of protecting assets in today’s rapidly changing world, it is best to get a wide range of opinions. The diverse group who sat for this discussion come from local, state, and federal backgrounds and, because of that background, give the listener a tremendous perspective on this important topic.

The interview examines priorities, sharing threat information, and the responsibility of management to provide the time and tools for security professionals to do their job.

It is headline news when an oil line gets attacked, but our experts agree that a topic that is not newsworthy is key to keeping data safe: the basics. All three technology leaders said that one must get methodical with basics, like patching, eliminating weak credentials, and instructing staff about social engineering.

Sharing information is a much-debated topic in the cybersecurity community these days. During the discussion, Terry McGraw talked about some of the legal liabilities of disclosure in the commercial world. He suggests that systems administrators who want to share information on attacks are hamstrung by legal considerations.

This is contrasted with some of the new ways threat information is shared in state and local organizations. Jeremy Wilson from Texas lauds the ability of the Multi-State Information Sharing and Analysis Center (MS-ISAC) to help with distributing threat knowledge.

He also mentions the value of training. One department in the wide-ranging realm of the state of Texas information technology was looking at a 30% click-through rate with phishing attacks. He says that a training program dropped that click-through rate to 4%.

Terry McGraw’s final comments were very transparent. He stated that proper protection of assets may not always involve the latest and greatest offering. He suggests that leaders can get the most value from establishing best practices for patching and protecting authorized access to information.