Richard Spires, former chief information officer at the Internal Revenue Service and CEO of Learning Tree International, discusses takeaways from a new congressional cybersecurity report, and the importance of securing open source software.
According to the House Energy and Commerce Subcommittee on Oversight and Investigations, there are six main issues that contribute to the rise in breaches and other cybersecurity incidents. In a report, the subcommittee outlined each of these issues, and suggested six cyber safety priorities that organizations should follow. Richard Spires, former chief information officer at the Internal Revenue Service and CEO of Learning Tree International, says that one of the biggest takeaways from the report is “you can’t protect what you don’t know you have” “I usually think about it as good inventory. We have to know where all of our servers are, all of our endpoint devices are, we have to know what’s running on them. But they bring up a good point, what about the black boxes?” Spires said. “…Why did [WannaCry ransomware] hit a lot of hospitals? Because a lot of these medical systems and medical devices are running operating systems that aren’t even known by the administrators, by the CIOs of those medical facilities.”