Ransomware attacks and the future role of the CISO – teissTalk – TEISS

On 18 May, teissTalk host Jenny Radcliffe was joined by a panel of four cybersecurity experts in a wide-ranging discussion that covered government actions, ransomware attacks and the future of the CISO.

You can access a video of the discussion here.

Will Joe Biden's new cybersecurity executive order change the IT landscape?

The executive order, even if its impact is mostly limited to federal institutions and their contractors, is a milestone in cybersecurity legislation. Thanks to major ransomware attacks against key US infrastructure and the Vice President's advocacy of reasonable security and compliance with CIS (Center for Internet Security) controls going back to her days as Attorney General in California, the Biden administration is expected to have the fight against cyber-attacks at the top of its legislative and law-enforcement agenda.

The fact that the executive order talks about IoT security standards also suggests that we're witnessing a watershed moment. Although the executive order's main objective is to make federal institutions and their supply chains more transparent, it's very unlikely to leave the rest of the private sector unaffected in the long run.

Mandatory disclosure of data breaches and hacks has already been around in critical industries such as pharmaceuticals and healthcare. Now, as a result of the executive order, an even wider circle of institutions and private enterprises will need to comply.

Internet providers can also play a more prominent role in fighting cybercrime in the future by blocking internet traffic coming from rogue states and known threat actors.

Governments, automation and people: the three pillars of cyber-defence

Ransomware attacks were originally driven by financial gain. However, as the number of incidents disrupting critical infrastructure and threatening human lives is growing fast, it increasingly needs to be seen as a form of cyberterrorism. As the perpetrators of cybercrime are often financed or even commissioned by nation states, governments of western democracies have recently taken a firmer stance on putting up a fight against them.

The UK's Integrated Defence Review published in March reserves the right to use nuclear weapons against emerging technologies that could have a comparable impact to chemical, biological or other nuclear weapons, although it's not completely clear whether this was meant to cover cyber-attacks.

Meanwhile, in a statement, the US administration didn't rule out authorising a kinetic response, or, in other words, active warfare, in the event of a large-scale cyber-attack by a nation state.

Attribution, however, is much trickier in the case of cyber-attacks than in traditional warfare; therefore, in order to avoid escalation and a potential cyber war, retaliation must be only the very last resort.

The current situation, where private businesses need to defend themselves against nation-state threat actors without the support of the state, is unprecedented. Therefore, what the business sector needs to better tackle cyber threats is a more active cyber-defence posture adopted by their governments.

There have already been examples in the past when governments provided protection for private enterprises to ensure the uninterrupted flow of global trade on the Mediterranean or the Atlantic. Businesses need a similar kind of support now in cyberspace.

Although for medium-sized and small businesses the scope for cyber defence is much more limited for lack of human and financial resources, automation and the use of secure software and multi-factor authentication can go a long way.

As about 85 per cent of all breaches start with an employee clicking on an attachment or link that they shouldn't, taking the human element out of the cyber threat equation is key. With the number of breaches in the cloud exceeding those on premises for the first time ever, cloud security is another area that needs to get to the forefront of the fight against cybercrime.

What will the CISO of the future be like?

The role of the CISO has been changing a lot over time. Originally the CISO was seen as a compliance and risk guru. Forrester has established five more types of CISOs (transformational, post-breach, tactical/operational, steady-state and customer-facing evangelist), which will probably whittle down to no more than two or three as the role gets more mature.

Demonstrating some self-deprecating humour, CISOs sometimes refer to themselves as a "Crisis-Induced Sacrificial Officer", which points to the irony that people fulfilling this role are often held responsible for incidents which are beyond their control.

In the future, CISOs will probably have more leverage and will increasingly report directly to the board. For this relatively new role to get more established, CISOs need to see and evaluate their own performance through the eyes of CEOs, asking themselves how many customers their efforts helped the business to attract and retain.

teissTalk host Jenny Radcliffe was talking to Kathleen Mullin, Chief Information Security Officer, Healthmap Solutions; Paul Raines, Chief Information Security Officer, United Nations Development Programme; Ian Hill, Global Director of Cybersecurity, Royal BAM Group; and Steve Moore, Vice President and Chief Security Strategist, Exabeam.

You can access the recording of this teissTalk here.
