When Stanton Gatewood began working in cybersecurity nearly four decades ago, it wasn’t even called cybersecurity.
“It was just Security and Information, Security InfoSec and things like that,” he said. “I’ve been very blessed to have worked in cybersecurity for 37 years or so. I worked in the United States Military and the United States Air Force.”
There wasn’t even a Department of Homeland Security back then. It wasn’t created until 2002.
Gatewood was the featured speaker at Southwest Gwinnett Chamber of Commerce’s First Friday breakfast on March 1 at the Hilton Atlanta Northeast. He shared information with the audience of small business owners, nonprofits and community leaders about the realities of cybersecurity and how to safeguard against threats.
Stanton Gatewood’s background in cybersecurity
Gatewood’s resume is quite extensive. He is the U.S. Department of Homeland Security and CISA Region 4 Cyber Security Coordinator, an advisor for the State of Georgia. He was formerly the Chief Information Security Officer (CISO) for the state of Georgia, the Board of Regents of the University System of Georgia, and the University of Georgia.
He has over 35 years of cybersecurity and e-privacy experience in cybersecurity program management, strategic planning and executive leadership. He has worked in U.S. federal, state, local, territorial and tribal governments, as well as higher education and several top-10 global corporations.
Gatewood is also a USAF veteran and has served as the vice president for information technology and the chief information officer (CIO) for Albany State University. He has built two centers of excellence in cryptography and cyber awareness and training.
“You cannot stream news, watch TV or read a newspaper without the topic of cybersecurity [coming up],” he said. “A lot of people will stand up and talk to you about cybersecurity, and they’re preaching fear and uncertainty that I don’t have.”
Understanding cybersecurity
Gatewood started his presentation with an overview of cybersecurity and went through some terminology.
First, he addressed awareness.
“Awareness can be broken into two categories, situational awareness and user awareness,” he said.
He encouraged the audience to learn as much as they could about cybersecurity and electronic piracy. Even though many people think they are aware of threats, they still click on suspicious links, leaving them vulnerable to attacks.
“Situational awareness comes from the military. It means they’re letting us know exactly who’s in the area and what the environment is made up of. ‘What are our resources available? Who else is in the field that we communicate with and rely upon?’” he asked.
By staying aware, people should know where they’re going on the internet, who they’re communicating with, and whether an attachment is safe to open. User awareness is a component of the security policy that should include educating and testing employees to help protect the business against cybercrimes, including phishing and other social-engineering attacks.
Preparedness is also key
“Do not fall asleep at the wheel of the internet,” said Gatewood. “Do not think that those 5 million people out there are all your friends.”
Social media accounts like Facebook can also be gateways for cybercrime.
“Over 65% of the breaches on the internet come from human error,” he said.
According to the government site ready.gov, cyberattacks can occur in many ways, including:
- Accessing your personal computers, mobile phones, gaming systems and other internet- and Bluetooth-connected devices.
- Damaging your financial security, including identity theft.
- Blocking your access or deleting your personal information and accounts.
- Complicating your employment or business services.
- Impacting transportation and the power grid.
How to be resilient
Gatewood said almost everyone will be the victim of some sort of cyberattack. How the individual or business survives depends on resiliency—the ability to anticipate, withstand, recover from and adapt to adverse conditions, stresses, attacks or compromises on systems.
“You must have resilience; you must be in shape,” said Gatewood. “You must have the mindset of ‘I will not allow this to keep me down. I will go get my incident response plan. I will execute my incident response plan. I will find out if it’s truly an incident. I will then morph myself into a disaster recovery plan. I will morph myself into a business continuity plan. And then I’ll have a resumption of business plan.’”
Gatewood said he’s been called to help many times, and when he asked about a response plan, everyone looked like a deer caught in headlights.
“Moving in resilience, the capacity to withstand or recover quickly from any difficult situation or toughness, [is crucial],” he said.
He shared a term, “left of boom/bang,” that he wanted the audience to remember. The phrase encourages a proactive approach to cybersecurity: avoiding possible threats by making decisions based on observation and intuition, so that the bad event is prevented from happening.
By the numbers
- There are 5.3 billion internet users (66.2% of the world’s population).
- There are 17 billion devices on the internet.
- 1.6 billion records or files have been lost or stolen in the fiscal year 2023/2024 so far.
- $183 is the average cost of a data breach per record.
- 5.04 billion people used social media in 2023.
(Source: cisa.gov)