Are cyberattacks becoming more sophisticated, more frequent? Do people even care anymore? Do businesses care anymore? As these threats rise in frequency and the monetary damage continues to increase, why aren’t businesses taking the necessary steps to protect their systems, data, and customers? Anthony Johnson is the Managing Partner and CISO of DelveRisk. During a roundtable discussion with Rohit Parchuri, an industry veteran and security advisor, Johnson spoke at length about the threat cybersecurity poses today.
“Cyber can be fully catastrophic to a company. A big enough cyber event could delete the backups, could delete the ability of the company to operate, and just completely wipe the organization. There is not another threat that can be as macro systemic to any one organization.”
Those are strong words from Anthony, but the subject matter is just as stiff. On this episode of IT Visionaries, Anthony and Rohit discuss a host of topics, including how recent events have shifted the spotlight on network security, and they debate whether security breaches will make a difference in the long run. The two also touch on why security can often take a backseat to the goals of the company. To learn more, keep listening!
Main Takeaway
- Are you Worried Now: The No. 1 reason most companies end up with breaches is negligence when it comes to their security measures. A passive system is a network ripe for issues. Make sure you are consistently educating leadership on the risk of passive networks.
- Can I Get An Adjustment? It’s more important than ever for security professionals to align their personal goals with those of their companies. When your value set is not aligned, you may create a security strategy that will not be backed by leadership or have company-wide buy-in.
- Rising Threat Level: While risk models are important in order to understand where a network is vulnerable, it’s equally imperative to understand the types of threats your company might be vulnerable to and what the motivations of the attacker might be. Doing this will help quickly identify what is a need for your system versus what is a want.
For a more in-depth look at this episode, check out the article below.
Article
Events such as the SolarWinds attacks, Target data breach, and the Colonial Pipeline ransomware have become so common that they are beginning to desensitize consumers to their severity. And Parchuri said that’s where the CISO comes into play.
“If you don’t really understand the ins and outs and how you want to go about [your security practices] and how you educate the company [you’re behind],” Parchuri said. “When we say company, we really are talking about the leaders and the board. Do they understand what exactly is at risk? Did they know how to execute on the risks? What exactly does the management look like?”
While all these points of emphasis fall on the shoulders of security officers, CISOs are also responsible for aligning their security goals with what is realistic and in line with the company’s values. But perhaps one of the most difficult aspects of that alignment is getting security at the forefront of leadership’s minds to begin with.
“You have to really understand the business to begin with,” Parchuri said. “How does your cyber plan align with the business objectives that they have in play? What exactly is that strategy in terms of the business itself? Are you focused on a specific element within the industry at large or are you tackling a number of different things where you might be exposed? That plays a huge role.”
Parchuri said that once you have your goals aligned with those of the business, the next step is to formulate a set of risk models to best determine where the company has vulnerabilities. Johnson had a different take.
“There’s really four reasons why a company gets hacked,” he said. “They want some money. They want to see the world burn, some intellectual property, if those are the motives, then what I really care about is the level of sophistication. So first don’t be negligent, build a program that’s not negligent byproducts that automatically detect those 12-year-olds and then grow your program from there.”
To hear more from Johnson and Parchuri about how companies can best level up their security practices and further strategies to best secure IT networks and employees, check out the full episode of IT Visionaries!