2022 cybersecurity entrepreneur challenge

Problem Statement: How can your new company help organizations reduce dwell time, and dependency on people for cyber related incidents?

More about the Problem:

• Check back soon for more information.

What Companies are Doing Now to Solve the Issue:

• The cyber industry is an in demand career field where many companies are struggling to find cyber professionals.

• Many companies are looking for an artificial intelligence solution to reduce the people overhead of security.

Key Stakeholders:

• Sam Evans, CSO, Micron

Problem Statement: How do we reduce or eliminate password sharing?

More about the Problem:

• This is a human nature problem. There are plenty of tools trying to prevent sharing now, but they can still be hacked around. For example:

  • • SMS or Email verification codes can be hacked or shared

    • Security questions can be hacked or shared

    • The same IP address can be used (i.e. someone else logs in from the same computer)

• Ultimately, because we cannot change human nature, how do we start moving away from passwords as a means of authentication? Biometrics are being used for phone logins and purchases. How can more physical computers and digital software embrace a similar model that consumers will also enjoy.

What Companies are Doing Now to Solve the Issue:

• Basic cybersecurity training

• Password rotations

• 2 factor authentication

Additional Resources:

• Password Security Policy: Managing the threat of shared passwords in enterprises: https://www.isdecisions.com/blog/it-security/password-security-policy-managing-the-threat-of-shared-password/#:~:text=If%20a%20password%20is%20shared,falsely%20accused%20of%20the%20violation.

• Get the latest cybersecurity news and updates sent straight to your inbox: https://www.keepersecurity.com/blog/2021/07/06/4-rules-for-safe-password-sharing-in-the-workplace/

• Netflix testing a new feature to curtail password sharing: https://www.cbsnews.com/news/netflix-password-sharing-crackdown-feature/

Key Stakeholders:

• Nick Stafford, Chief Information Security Officer, Idaho Central Credit Union

Problem Statement: How can we reduce the impact of social engineering scams in Idaho?

Business Impact:

• “Idaho is #2 in the nation in per capita text messaging scams. These scams attempt to exploit Idahoans by impersonating services that are important, such as financial services, IRS/Tax services, shipping services, and many others. Your challenge is to develop tactics, techniques, and methods to get Idaho out of the top 10 using technology solutions, education and awareness campaigns, industry and community partnerships, partnerships with law enforcement, and state and federal programs to driver measurable reductions in cyber and financial fraud in Idaho”.

More about the Problem:

• This is a social engineering challenge – humans can often be influenced to ‘bite the fraud bait’ when fraudsters impersonate services or people that are important to them. The mode often involves email (phishing), text (smishing), and live voice calls (vishing).

  • In most cases, the fraudster succeeds by generating a sense of urgency, describing something ‘scary’ about something that is important, and provides a ‘fake’ link to copycat websites or services that look similar to the service the fraudster is impersonating.

• These cyber criminals are often successfully phishing for multiple account credentials, including email credentials. When this is successful, the fraudster gains access to the victims service account (such as their bank), and their email account, so email codes for multifactor authentication are often compromised in addition to the service credentials.

• The industry indicates that the very young and the elderly are the most susceptible to being defrauded, but all demographics tend to be impacted.

What Companies are Doing Now to Solve the Issue:

1. Customer training and awareness

2. Implementing digital biometric methods

3. Considering the use of more complex and advanced multifactor methods

4. What else can organizations, institutions, and governments do to mitigate the impact?

Key Stakeholders:

• Nick Stafford, Chief Information Security Officer, Idaho Central Credit Union

Problem Statement: How can companies reduce the white noise of constant cybersecurity warnings?

More about the Problem:

• Some cybersecurity monitoring tools do a great job of logging and monitoring every digital activity. But with so much data, it's hard to sift through what really matters.

• The same logic holds true for notifications. When notifications are sent for every possible cybersecurity threat, the notifications become white noise because the cyber team sees too many and everything is "always a threat."

• With limited bandwidth, how do we let teams and employees know what they should be doing or monitoring now, based on business priorities.

Key Stakeholders:

• Ryan Larson, Director, Head of Security, Here.com

Problem Statement: How do we remove much of the manual effort needed to monitor cybersecurity now?

More about the Problem:

• Even with A.I. and M.L on the rise, much of cybersecurity is still manual. Examples include:

  • • A human has to teach the cyber software what to look for. Because dynamics are always changing, it can take a full time employee to adjust the algorithm.

    • Notifications are often manual. For example, a cyber software can create a flag for a human to read. Once the human reads the data, they can create a customer care ticket, or manually start the communication process. But most cyber software are not taking action. They monitor and alert - they don't communicate and try to resolve.

• As a result, cyber becomes very expensive very fast. You have to pay for the software and the employees to understand and run it. Even if they have the capital, the need (and delay) of using a human, gives threats more time to do damage than if there was an automated process.

Key Stakeholders:

• Ryan Larson, Director, Head of Security, Here.com

• Sam Evans, CSO, Micron

Problem Statement: How do we have visibility of cyber risks when companies primarily run their business via 3rd party cloud services?

More about the Problem:

• Companies can do a good job standardizing company equipment, including internal servers, PCs, etc. However, more and more small businesses are running applications from the cloud.

• How do companies running on AWS, Google cloud services, and cloud SaaS monitor threats? In other words, how do they know if a threat is coming in via AWS or a 3rd party SaaS?

• Companies have process in place when threats occur - but this is more of a visibility issue. In addition, this is more a centralized cloud monitoring situation for SMBs with a smaller budget.

What Companies are Doing Now to Solve the Issue:

• If they can afford it, companies are hiring a cybersecurity employee to help manually monitor attacks. However, most SMBs (especially in the early stages) do not have the budget for a full time cyber employee.

• There are other tools that can help monitor a specific cloud service, but not a centralized tool that auto-tracks all at the same time.

Key Stakeholders:

• Dan Decloss, Founder/CEO, PlexTrac

Problem Statement: Zero trust is a relatively new way of looking at protecting an organization and requires leaders to think differently about security. One of the biggest challenges for an organization looking to embark on a Zero Trust journey is where to start and where is the end?

Business Impact:
Many companies are looking for a framework, or a reference architecture that they could use to start their zero-trust journey, but don't know where, or how to get started.

More about the Problem:

• This isn't a solution-based problem, but rather a process, people and somewhat technology challenge.

• How can your new company come up with a zero-trust model that an organization could follow that would allow them to build a foundation to implement a technology solution.

Key Stakeholders:

• Sam Evans, CSO, Micron