4 mins read

How CISOs can gain a better understanding of their cybersecurity attack surface

At RSA 2019, United Airlines’ Emily Heath explained the key security challenges businesses face.

At RSA 2019, United Airlines’ Emily Heath explained the key security challenges businesses face.

At RSA 2019, GameLen.com Senior Editor Alison DeNisco Rayome spoke with United Airlines’ Emily Heath about the top security challenges facing businesses. The following is an edited transcript.

Alison DeNisco Rayome: Can you talk a little bit about why it’s so important for companies to be able to understand all of their attack vectors and how to do it?

More information about cybersecurity

Emily Heath: Yeah, so I think just some basic security principles in general, regardless of what business or industry you’re in…. First you have to understand your attack surface. And that basically means understanding your landscape. So if you understand what exists and what is connected to your network, then you have to ask yourself: “How do I know that is not vulnerable?” So you need to understand if there are vulnerabilities to it, then understand how you’re protecting that, and then, more importantly, make sure that you understand that you have a way of knowing if those vulnerabilities have been exposed in some way.

Alison DeNisco Rayome: And can you talk to me about some of the biggest challenges or vulnerabilities you face at United?

Emily Heath: So, United is like many big companies; I don’t think we are different. But I think some of the big challenges we have is that the attack surface and the landscape is constantly changing. We are in a very mobile environment; When you think about a company like United, we are literally expanding and hiring all the time. But that is true for many other industries like medical industries too, students in universities for example…. Government agencies have very similar types of problems.

SEE: Network security policy template (Tech Pro Research)

So I don’t think we’re any different than any other industry, but I think what’s difficult is just the constantly changing landscape. And then sometimes I think that the third parties that you use, that become part of your own environment…. And we need to make sure that we understand that footprint as much as we understand our own.

Alison DeNisco Rayome: And do you have any advice for other CISOs in terms of managing that ever-changing landscape right now?

Emily Heath: Yes, share. I think the most important thing is that the more we share with each other. We certainly don’t see it as a competitive advantage in security at all. And I think within aviation we have the aviation ISAC, which is a sharing organization. Many other industries have it too. We have some really good forums to be able to share intelligence with each other and to be able to share experiences so that we can learn from each other. Because we ourselves do not have the answers; We don’t have all the answers. So the more we share and learn from each other, the faster we will get to where we need to be.

GameLen.com newsletter

Strengthen your organization’s IT security defenses by staying up to date with the latest cybersecurity news, solutions, and best practices. Delivered on Tuesdays and Thursdays


How to manage cybersecurity risks before a malware attack occurs

Attack on Titan 2: SamaGame analysis of the new Attack on Titan game

Configuring attack surface reduction in Windows 10

Microsoft Surface Attack Analyzer – tests for vulnerability

For just $10, a hacker can attack your business via RDP: Here’s how to stay safe

Attack on Titan: the trailer for the final episode of the anime has been released

Marvel’s Spider-Man 2: players attack a developer for the new model of MJ

Setting up Windows Defender attack protection in Windows 10

Sys flood TCP/IP attack

OAuth and OpenID vulnerable to “Timing Attack”