Tim Murphy: Curating Cybersecurity

Not every child gets to fulfill their dream of becoming an FBI agent, but Tim Murphy did. The former deputy director of the federal law enforcement agency rose through the ranks to oversee more than 35,000 agents before he retired in 2011.

Murphy and his colleague Larry Pfeifer founded Consortium Networks in 2019, a company that connects technology customers, vendors and experts to share knowledge to improve everyone's cybersecurity. Murphy is now president and CEO of Consortium Networks as well as chairman of the board of Thomson Reuters Special Services.

The company aims to bring together law enforcement and private organizations to work collaboratively and share information to stop cyberattacks, similar to what Murphy oversaw in the fight against terrorism after 9/11.

“Pulling people together to share information had this huge network effect," said Murphy. “We realized that same type of mechanism needed to be built for cybersecurity."

 

Cybercrime: Number One Threat to the U.S.

Murphy believes that cyberthreats have become more sophisticated over the past 20 years, even as cybersecurity is in some ways simpler.

“Cybercrime is the number one threat that we face in the country and the number one threat to every single organization, but people don't realize it," said Murphy. “The threat is as bad and as fast-paced as ever, but we are much better at fighting it now."

Too often however, policies don't keep up with new threats, which leaves organizations battling to manage their own defense. That's why Murphy said he believes so strongly in the importance of organizations networking and sharing information.

“In the early days of cybercrime, the biggest threat was from state-sponsored groups out to disrupt business," said Murphy. “Today, companies are still attacked by the four major state-sponsored groups - Russia, China, Iran and North Korea - who may be interested in stealing intellectual property but who are also coordinating with criminals for financial gain."

Unfortunately, no one is immune to cyberattacks and organizations that are small, medium and large are attacked, Murphy said. Many of the attacks today are purely for financial gain, such as ransomware attacks.

 

Digitalization and Cybersecurity

Digitalization provides new challenges for organizations to protect their information, their business and their customers. Every company needs to start by understanding their digital network, who's on it and how they're connecting, especially when workers connect from home, said Murphy.

“You need visibility into everything that touches the network," said Murphy. “Next, you need to make sure that your software is up-to-date and that all vulnerabilities are patched in a timely manner."

Murphy recommends that every company, no matter the size, employs an individual who understands the risk of cyberthreats and can explain them to everyone from staff to board members. In addition, companies need to invest in artificial intelligence and machine-learning solutions to fight cybercrime because humans can't work fast enough to keep up with the speed of networks today, he said.

While many companies use two-factor authentication, Murphy believes most companies will need multifactor authentication to reduce fraud.

“Financial institutions and other companies have to keep alerting everyone about how they work and don't work," said Murphy. “I get phished every day with emails and text messages that say my account has been closed and I need to provide credentials. People have to realize that's not how companies work."

 

Tools to Combat Cybercrime

While there's more coordination happening now between the government and private sector around cybersecurity, Murphy said it's still not enough. That's why he founded Consortium to help close the gap in cybersecurity.

“We're up against countries where the government and companies are controlled by the same people," Murphy said.

He worries that people don't realize how vulnerable the U.S. is because private companies run much of our crucial infrastructure. But Murphy is optimistic that basic protections and continually updating software will go a long way toward preventing cyberattacks.