Caitlin Sarian, better known as Cybersecurity Girl, shares her journey into cybersecurity and how individuals and businesses can best prepare themselves for the future.
Caitlin Sarian
Founder, Cybersecurity Girl
Can you share your journey into cybersecurity and what motivated you to become Cybersecurity Girl?
My journey to cybersecurity was very odd, and I’ve realized that a lot of people who are currently in cybersecurity had similar situations where we kind of just happened to get in. I studied aerospace mechanical engineering and then got my master’s degree. I had done three internships and I really loved it, but I was looking for a forever job and I just couldn’t see myself in any of those jobs forever. I decided to go into tech consulting, and when I was applying, they were like, “Hey, would you be interested in cybersecurity? We’re starting a cybersecurity practice.” I said yes, but I had no idea what I was stepping into.
Luckily, I ended up loving it. I learned everything on the job. I actually got to do really cool things, and I learned so much and had amazing mentors. That’s one of the reasons why I started the Cybersecurity Girl channel. The main goal was to inspire the next generation of people, especially women, to get into cyber and really demystify what cybersecurity was. I also wanted to educate the public, because there’s really not a lot of education, and we’re giving kids tablets before they can speak.
What are the most critical components of an effective enterprise security strategy, and how can organizations better prepare themselves for threats?
People are our biggest, weakest link, so training and awareness are crucial. Companies throw a lot of money at new technology, which is great because it helps monitor threats, but at the end of the day, our weakest link is our people. There are four main tips: Create strong passwords, don’t fall for phishing scams, update your software, and enable multi-factor authentication. If we have those basic things, that would prevent 95% of the threats and data breaches.
In terms of new artificial intelligence (AI) ransomware and phishing threats, what have you seen lately that you think companies should be aware of?
AI can make everything look real, so it’s really hard. I’ve heard the phishing emails are getting really crazy, and maybe there’s a way that they can scan emails to identify AI, but the other issue is that everyone’s already using AI to start writing their emails. I use AI to write my emails, and AI is not inherently a bad thing. I actually think AI is a force for good if we know how to use it for good. However, I see a lot of people getting tricked because AI is being used to write letters.
A lot of people are now getting letters in the mail with a picture of their house on it saying that they have spyware installed on their phone. It says that in order for them to take it off, the receiver has to pay a large sum to this Bitcoin account. It seems real because they literally have a picture of these people’s houses. However, all of that stuff is public knowledge. From a consumer perspective, we need to educate people on how easily accessible their data is, how important it is to keep their digital footprint down, and how they can protect themselves.
Do you believe cyber liability insurance is essential for businesses today? What advice would you give to companies choosing the right cyber liability insurance?
I think insurance is super important. If you think you have really risky data, definitely get insurance. Small business owners actually did this with Verizon. 43% of data breaches are small business breaches, which is really sad, but they’re kind of an easy target because they don’t have a good cybersecurity stance yet. Because of that, I think it’s even more important for them to consider cyber insurance. Ransomware is rampant. If something happens and you don’t have the right cyber insurance, you’re out of luck.
What resources or tools do you recommend for individuals and organizations looking to enhance their cybersecurity knowledge and practices?
I think every company should start with a personal risk assessment. Understand your high-value assets. Then, ask yourself, “How are we protecting it?” Make a data map. See everything and everyone that touches that data. What are the mechanisms in place to protect yourself if you get a data breach?
How do you envision the cybersecurity landscape evolving over the next few years?
Prominent AI usage. I know they’re already using AI to combat AI threats. Everyone’s saying AI, but it really is a huge thing.
My main concern specifically for the United States is our critical infrastructure. There is already a cyber war going on, and no one knows what’s happening because you can’t see it. It’s cyber warfare, and unfortunately, the United States, China, and Russia have been in it for quite some time and it’s only going to continue to escalate.
I think cyber hygiene is going to be really important to stress. We need to educate the general public so we can all feel empowered to protect ourselves, and then once we feel empowered to protect ourselves, we’ll probably, hopefully, be pushing that over into the corporate and federal environments, too.
