BUSINESSMANAGEMENTREVIEW.COM | JUNE - 2023 | 9

ENHANCING SECURITY TO MITIGATE CYBERSECURITY RISKS

forms. The risks we saw as unpredictable 'Black Swan' events only a few years ago are almost everyday occurrences now, with supply chains more fragile than we may have ever realised.

WHAT KEEPS YOU UP AT NIGHT WHEN IT COMES TO SOME OF THE MAJOR PREDICAMENTS IN THE ENTERPRISE SECURITY SPACE?

We've been talking about the risk that Shadow IT (the use of information technology systems, devices, software, applications, and services without explicit IT department approval) presents for a long time. For me, it's the areas where we don't have good control visibility in the broadest sense that keep me awake. A failure in Enterprise Security tends to be catastrophic in terms of impact, even if the probability is, or at least used to be, vanishingly low. That may well not be a first party one. A successful ransomware attack can be just as devastating down the supply chain and that worries me. Just because we have put in defences for our structured data and systems, the ransomware threat does not necessarily go away. Unless we continue to manage vulnerabilities and have robust, air-gapped, and regularly-tested recovery capability, we may as well be crossing the road with a blindfold on.

CAN YOU TELL US ABOUT THE LATEST PROJECT YOU HAVE BEEN WORKING ON, AND WHAT ARE SOME OF THE TECHNOLOGICAL AND PROCESS ELEMENTS YOU LEVERAGED TO MAKE THE PROJECT SUCCESSFUL?

It's critical we have confidence in our defences and control effectiveness. Maturity assessments, supplier audits, third-party assurance only go so far. I need to be confident our locks can't be circumvented, and we do this through Purple Teaming, 'mystery shopping' for Enterprise Security. It's early days yet, but I'm going to sleep a lot easier knowing it's not just the bad guys testing my defences.

WHICH ARE SOME OF THE TECHNOLOGICAL TRENDS WHICH EXCITE YOU FOR THE FUTURE OF THE ENTERPRISE SECURITY SPACE?

At a purely geek level, homomorphic encryption provides an exciting opportunity to allow us to not depend on purely contractual controls in the cloud when we really care. More importantly, I think we're starting to see a shift in recruitment behaviours. Hybrid working has changed the job market forever, removing geographic boundaries in a way we've never seen before. The threat landscape changes too rapidly for us to focus on talent with five years' experience in technology Z or in defensive capability Y. Instead, we must, and I think are beginning to, focus on bringing diversity of thought process and problem solving to the security workforce. I'm certainly proud of the results I've achieved with bringing fresh young talent into the cyber security profession.

HOW CAN THE BUDDING AND EVOLVING COMPANIES REACH YOU FOR SUGGESTIONS TO STREAMLINE THEIR BUSINESS?

You can always contact me on LinkedIn (https://www.linkedin.com/in/mattfoster42/). Do the basics well, don't get hung up on the latest and greatest, build security in from the start and, most crucial of all, measure everything. It's not good enough simply to 'do' either. We need to demonstrate we're doing it every single day.

Matt Foster