Global Cyber Security Expert Tells Utah Business Leaders to Think Like an Intelligence Agency

With the advent of the Internet of Things, everyone and every business is to some degree at risk for compromised data. Utah businesses may be surprised to learn that big things happening around the world can put their local businesses at risk as well. That’s according to former U. S. Air Force Intelligence Officer Ret. Col. Cedric Leighton, who recently spoke to hundreds of business leaders who attended Bank of Utah’s Fall Speaker Events from Logan to Lehi.

Leighton, currently a CNN military analyst and the chairman of his own global strategic risk consultancy, told business leaders that they can’t fix vulnerabilities without first knowing the threats that exist in the business world—because the cyber world and the real world are now interchangeable. He said our lives depend on the internet and we share personal information with many organizations daily in fields such as banking, healthcare, industry, trade and education. Google recently reported five billion people will soon be connected to the internet and the number of internet devices in the world already exceeds the human population.

According to Leighton, data has become the “world’s most valuable resource.” We are in the new data economy—which includes artificial intelligence, virtual reality and augmented reality—and our data needs to be secured. But Leighton warns that our nation’s cyber protection is inadequate. Firewalls that are meant to protect us are often breached. There is an over-reliance on passwords and authentication technologies that are weak. There is often a lack of encryption, he added, and now criminals are even using file-less cyber data attack methods.

The threats to the nation’s data come not only from organized crime, but from countries around the globe seeking to ruin our nation’s economy, sabotage political elections and even gain access to hard currency. A few sensational international cases from the past include the Saudi Aramco case, where the company lost use of 30,000 computers to the Shamoon virus. Nortel lost priceless intellectual property to cyber intruders that had been residing on their network for more than 10 years! More recently, it was reported that hackers accessed U.S. Securities and Exchange Commission data in October 2016 and it wasn’t reported to SEC leadership until Aug. 2017! The breach potentially stole and used real data to affect stock trades. And let’s not overlook the 145.5 million Equifax records that were recently compromised. This costly breach has spurred calls for more Federal regulations.

What can Utah businesses and organizations do to protect themselves? The cyber security expert provided key strategies for minimizing risk to survive the “global cyber war.”

1. Adopt a cyber-mindset and become educated about the threats to your business. Most people know to beware of email phishing and viruses, but companies might also be vulnerable to cyber threats from vendors and partners with whom they do business. A first step to minimize risk, companies must ensure they, their vendors and partners have adequate liability and privacy protections.

2. Become aware of the risks and implement the “latest and greatest” technologies to stay ahead of the curve. Cyber hackers are constantly finding new ways to steal your data, so only the best, cutting-edge technologies will do.

3. Develop workable internal policies to ensure business continuity if your data has been breached. Breaches happen and businesses are wise to have policies and procedures in place so they can move quickly to secure their data, reach out to stakeholders and continue to operate. That’s where a cyber security expert can help.

4. Think like an intelligence agency and beware of charlatans. Be sure to thoroughly investigate who you hire to provide your online security. Also, be aware of the potential for phishing by being skeptical of email inquiries that seem plausible, but ask for access to personal or corporate data.

5. Develop and enhance public-private partnerships. Leighton urged Utah businesses to lobby their U.S. congressmen, senators and the executive branch, to change Federal laws and regulations so private businesses can be better partners in the global cyber war. Leighton argued that key people in a company who are charged with protecting its IT networks should be given Federal security clearances so they can better understand the nature and origin of daily threats. He believes that with proper guidance from agencies like the FBI and the NSA, firms could more proactively defend themselves if they had access to classified information.

In addition to the Fall Speaker event to inform business owners about cyber threats, anyone can subscribe to receive free cyber security news and alerts at

Brian Stevens is vice president of information technology for Bank of Utah.