We attended the Enterprise CyberSecurity (ECS) event in London yesterday. In between meeting with a host of information security professionals, I got the opportunity to sit in on some great presentations.
The event kicked off with Bank of Ireland’s UK CISO, Flavius Plesu, and his talk on “Rethinking the Human Factor – The Importance of Building a Cyber Risk-Aware Culture”. Human error is still the number one cause of cyber incidents and data breaches – even when there are preventative security protocols in place. His message to business leaders was clear: it is now the role of the CISO, or similar figures in the organisation, to tackle behavioural change and to focus on building an enterprise cybersecurity risk-aware work culture.
Royce Curtin, of Barclays and formerly of the FBI, gave a barnstorming tour through the cyber threat landscape. I particularly liked his first three commandments for what we need to focus on – hire top talent, leverage the best technology and patch your estate.
Aaron Cockerill, Lookout’s Chief Strategy Officer, led a conversation on why phishing is both different and more problematic on mobile. He explained that the traditional corporate perimeter is quickly dissipating as organisations as a whole continue their journeys towards a more mobile-enabled workplace. We at Corrata are in complete agreement with this, and it’s something you can read about in more detail in our blog post.
He also mentioned that all endpoints, and mobile devices in particular, are now outside the protection of the organisation’s firewall. This means that mobile users can access enterprise apps and SaaS in addition to personal services like social media and email. This is something that attackers look to take advantage of – the fact that the line between personal and business use is getting narrower and less clear. This is just one reason why cyber criminals are actively focusing their efforts on mobile devices and sensitive corporate data – feel free to check out some more reasons here.
Tom Christophers of Thames Water was really insightful about the disconnect in language between information security teams and business executives. In my experience, it’s all about context and expressing risk in language that educated business professionals who are never going to be infosec experts can relate to.
Thanks to Whitehall Media for a great event.