Twenty years after the first National Cybersecurity Awareness Month, the safety and security of our digital world has never been more critical. The Institute for Security and Technology (IST) is dedicated to anticipating the risks in emerging technologies and taking collaborative action to advance national security and global stability through technology built on trust.
To mark this Cybersecurity Awareness Month, Communications Associate Lillian Ilsley-Greene sat down with IST’s cyber team members to get their insights on some of the nascent and most pressing cybersecurity issues facing our world. We discussed the importance of cyber hygiene in staying safe online, the need for products that are #SecurebyDesign, the role of AI in cybersecurity, and more.
Q: What do you wish the public knew about cybersecurity?
Megan Stifel, Chief Strategy Officer: The smallest actions can have outsized impact…turning on MFA everywhere possible can significantly raise your security and that saves you time and potentially money.
Elizabeth Vish, Senior Director for International Cyber Engagement: A few best practices can make a huge difference! Buying products that are secure from the get go is really an important one – we deserve products that aren’t easy to hack!
Philip Reiner, Chief Executive Officer: The strongest signal industry responds to is financial incentives: the public can—and should—demand more from technology providers in terms of safety and security.
Tiffany Saade, Adjunct Cyber and Artificial Intelligence Policy Fellow: The bad guys are always out to get you. It is up to you to be proactive about your own security, instead of paying the price (in the case of ransomware, even quite literally) after the breach.
Jennifer Tang, Associate for Cybersecurity and Emerging Technologies: Cybersecurity is everyone’s responsibility. Many people think the responsibility for cybersecurity lies solely within their IT department. In reality, everyone plays a crucial role in keeping systems secure. Simple actions, like using strong passwords (yay MFA!) and being cautious with email links, can make a big difference.
Q: How do you suggest we close the knowledge gap between the cybersecurity industry and the public?
Philip Reiner: I don’t know that closing that gap is a useful way of expending scarce resources. Car owners aren’t increasingly well versed in the safety and security of the inner workings of their automobiles. I don’t read up on aircraft security before I fly. We can only expect so much from the public – they should be informed as to the simple things they can do to protect themselves.
Taylor Grossman, Deputy Director for Digital Security: That having been said, we all need to work better to answer the “why” when it comes to implementing security procedures. You don’t need to be a technologist to get the basics behind why MFA, password managers, segmenting network access, etc. are helpful ways to keep yourself safer. We all–companies, policymakers, researchers–need to work together to help individuals understand why a few small steps can make a big difference!
Q: How does your work make our institutions more secure?
Gigi Flores Bustamante, Future of Digital Security Associate: A key aspect of my work is helping to facilitate cross-sector collaboration that directly strengthens institutional security. At an event IST helped organize, participants shared that the gathering allowed them to connect with critical stakeholders they might not have otherwise met. These connections—spanning government, private industry, and civil society—are vital for combating ransomware. By bringing together diverse voices, we help create a network of experts who can collaborate on actionable policies and share best practices. This cross-sector cooperation is essential for developing coordinated responses to ransomware, ensuring that institutions can respond swiftly and effectively to cyber incidents.
Mariami Tkeshelashvili, Senior Associate for Artificial Intelligence Security Policy: Raising awareness about the various risk categories associated with foundation models, including their impact on cyberspace, is a key aspect of my role. I believe that engaging in ongoing conversations about these risks and sharing our research findings through different convenings already makes a difference and paves the way for more actionable strategies that can help mitigate potential threats.
Philip Reiner: Through intimate and first-hand knowledge of both technological developments and national security priorities, we are uniquely well placed to anticipate opportunities and potential risks from emerging technologies and drive positive outcomes.
Megan Stifel: We work with policy makers to shed light on gaps in policy, law, and operations that the malign actors use against us. By closing these gaps, we are helping secure our world.
Q: What is your favorite part about working in cybersecurity?
Gigi Flores Bustamante: What I enjoy most about working in cybersecurity is the continuous learning! This year alone, I’ve had the opportunity of attending conferences in the UK, Germany, and Brazil, where I’ve met professionals from around the world, all committed to improving cybersecurity. It’s inspiring to witness the collaboration of diverse perspectives, all working toward the common goal of a safer digital world.
Taylor Grossman: I love how inherently interdisciplinary the field of cybersecurity is. We work best when we combine perspectives from a myriad of backgrounds. There are so many ways to enter and flourish in this field—from the social sciences, engineering, humanities, law, etc. I continue to learn so much from my peers because they come at the problems we face in cyberspace from fresh angles.
Philip Reiner: The people. Despite all the challenges that come from working in the field, working with the cyber community is energizing, heart warming, and fun (most of the time!).
Tiffany Saade: Collaborating with experts who share a common mission: protecting systems, communities and users from an ever-evolving threat landscape. Collaboration for collective security is a really special space, because you see people from all walks of life and from across the globe putting the pieces of a dangerous puzzle… all for the greater good of our societies.
Q: What do you feel is the most pressing issue in cybersecurity? How can this problem be addressed in 2025?
Philip Reiner: The most pressing issue is twofold: faced with a vast array of products and systems that are not built with safety and security in mind, creating widespread, systemic risk, how can we move fast enough to keep ahead of adversarial intent – whether that is cybercriminals, or more critically, nation state threats like Volt Typhoon? Addressing this in 2025 requires a massive effort – exemplified by IST efforts such as the Ransomware Task Force and Undisruptable27. Collaborative, hard charging efforts that act with speed and intention are needed to stay ahead.
Megan Stifel: Market incentives are not aligned to bring secure technology to market. In 2025 IST will continue to draw attention to this challenge while also working at the tactical level to evolve secure by design, default, and demand.
Trevaughn Smith, Future of Digital Security Associate: Even a single ransomware attack can be devastating for small and medium businesses. Simple, cost-effective steps like using MFA and keeping backups up to date can make all the difference between thwarting a successful attack, bouncing back quickly after a cyber incident, or dealing with serious financial and reputational losses.
Mariami Tkeshelashvili: One of the most pressing issues in cybersecurity today is that malicious actors have unprecedented access to a wide array of tools and resources, allowing them to develop and launch increasingly sophisticated operations in cyberspace. With the help of AI, these actors can operate more quickly, adapt swiftly, and enhance their efficiency.
Q: What is your cybersecurity prediction for 2025?
Steve Kelly, Chief Trust Officer: Private sector innovation for uses of AI in software safety and cybersecurity will explode in 2025, and it’s not just hype. Defenders have the edge, but bad actors will no doubt be close behind in making use of AI in their cyber attack capabilities.
Philip Reiner: I do expect novel AI capabilities to radically change the game for cyber defenders, but also expect that our systems and capabilities aren’t prepared for the speed and breadth of the changes that will drive. With new opportunities comes the need for change – and while it doesn’t have to be, change can be hard.
Elizabeth Vish: Ransomware will explode in middle income countries as higher income countries start to take better precautions.
Q: What is your best tip for staying safe online for individuals?
Philip Reiner: Always question provenance – in a world of increasingly inauthentic everything, need to stop taking for granted that what was once routine and trustworthy. Have a routine. Just like you have a routine at the end of the day to lock up your house, have a weekly or monthly routine to change your passwords, shut down and restart your phone and computer, etc. Have a cyber hygiene routine.
Megan Stifel: MFA all the way.
Steve Kelly: Ignore text messages, emails, and phone calls from anyone not in your contact list, or with whom you lack an established relationship. When in doubt, call the trusted individual or business directly using a phone number previously known to you. Never click a link or call a phone number listed in an unsolicited message, as it might connect you to a convincing scammer.
Taylor Grossman: Whenever possible, use multi-factor authentication (MFA) to secure your accounts — especially those that access sensitive data like banking or health information!
Q: What is your cybersecurity hot take?
Elizabeth Vish: The problem is that we have too many devices connected!
Philip Reiner: It doesn’t have to be this hard.