The University of Maryland's Robert H. Smith School of Business in partnership with the School of Public Policy hosted the Eighth Annual Forum on Financial Information Systems and Cybersecurity: A Public Policy Perspective on January 18, 2012. The forum brought together nearly 100 leading experts from around the world to discuss cybersecurity issues.
The forum, which is managed by Larry Gordon, Ernst & Young Alumni Professor of Managerial Accounting, Martin Loeb, professor of accounting and information assurance and Deloitte & Touche LLP Faculty Fellow, and William Lucyshyn, director of research and senior research scholar at the University of Maryland School of Public Policy, encourages the kind of rich interchange of ideas that can only occur when people from many academic backgrounds and industries gather.
Gordon said that the diversity of attendees at this conference reflects the wide-ranging implications of cybersecurity. The industry breakdown of the audience was about one-third economists, one-third engineers/computer scientists and one-third faculty.
The day-long forum encouraged active discussion around many issues surrounding all aspects of cybersecurity, from insurance and incentives to natural disasters and systemic risk.
Allan Friedman, from the Brookings Institution, spoke about a relatively new concept: cyber insurance. “Cyber risks can be mitigated with investing in technology and specialty staff or by transferring the risk (i.e. purchasing cyber insurance). But, the concept is relatively new and firms have had difficulty understanding both the risks and the basics of such policies.” Companies also balk at carrying cyber insurance due to cost, and/or because the decision is made by IT professionals (although third-party risk assessors are becoming more prominent in this process), who favor investing in technology safeguards.
John Olcott, from Good Harbor Consulting, discussed SEC disclosure guidance on cybersecurity risks and incidents. He outlined three types of cyber attacks: (1) custodial information, (2) operational disruption and (3) intellectual property/trade secrets. He said that most businesses focus on preventing the first two, but the last one has the most financial impact. He said that in 2009, President Obama stated that cyber criminals stole intellectual property from businesses worth up to $1 trillion.
The forum concluded with the annual “Ira Shapiro Lecture,” which is named in honor of the 1958 Smith School accounting alumnus, who was national director of tax services for Coopers & Lybrand (now part of PricewaterhouseCoopers). This year’s lecture was extra special because members of Mr. Shapiro’s family were in attendance. His son, Stephen, who teaches as an adjunct at UMD, made some remarks and said he was glad his family has been involved at “a place that can change people’s lives and make a difference.”
The lecture was given by Ed Gibson, a former FBI agent who currently works at PwC as head of their forensic services group. He specializes in gathering intelligence to detect, mitigate, and prevent corporate IT and security risks. Gibson gave a riveting talk on Internet mafia and the culture of “yes.” He compared social media to easy espionage, saying that we allow things to take place online that we would never allow in real life. (Posting where we are every hour of the day on Twitter and Facebook? Giving random mobile phone apps global positioning access? Organized crime’s dream come true.)
His talk had the audience on the edge of their seats, leaving many wondering if they were putting their security in jeopardy because of risky or careless online behavior. He suggested that all attendees go home and update the security patches on their computers, install software updates and secure their wireless networks. These kinds of simple security steps are easy to take, but many people are just too busy to do the recommended updates.
The Smith School’s cybersecurity research is part of a wider university focus on cybersecurity issues, highlighted by the recent launch of the Maryland Cybersecurity Center. The center brings together experts from engineering and computer science with colleagues from across campus in fields such as economics, social sciences and public policy to help establish broad-based cybersecurity initiatives.
Greg Muraski & Alissa Arford, Office of Marketing Communications