Resilience was the word of the day, not least because it featured in the name of the Financial Times’ cybersecurity event: the Cyber Resilience Summit, which IoT Insider attended. The event was held in London on 27th November and brought together thought leaders and key stakeholders to talk about cybersecurity from a multitude of angles.
Interviews, fireside chats and panel sessions centred on a wide range of topics, including new and emerging technologies and the risk they pose, the cyber insurance market, and mitigating human risk, to name a few. The last of these acknowledged that people make mistakes that can result in risk, and that organisations need to take this into account.
Technologies such as AI and quantum computing were discussed in terms of both the risks and the opportunities they present. AI in particular was described as a technology that could occupy a dual role: defending against attacks and perpetrating them. Sessions also addressed the human element in cybersecurity, looking at how people can play an important role in creating a positive security culture and mindset.
One panel session addressed exactly this. ‘Cyber resilience in the boardroom: Strategy, leadership and governance’ was moderated by the Financial Times’ Senior Business Writer Andrew Hill, and brought together Naina Bhattacharya, Former Chief Information Officer at Danone; Peter Dalton, Partner at Herbert Smith Freehills; Jessica Figueras, Interim Chair at UK Cyber Security Council; and Peter Lassig, Group Chief Information Security Officer at Commerzbank.
One point raised by the panel was that a culture of fear is arguably the worst kind to create in a company. It is counterproductive to fostering openness, in which employees feel more comfortable voicing concerns than they would in a fearful environment. The panel also said that the boardroom has a responsibility to set the tone.
“There are important things that I look for,” said Figueras. “Number one is a board that seeks assurance, and typically we would use standards and frameworks to do that … We would seek external views, which are independent views from the executive team. Secondly, it’s a board that has a testing and learning mentality.”
Human risk was covered in a panel session, ‘The first line of cyber defence: Mitigating human risk’, which was moderated by Michael Peel, Science Editor at the Financial Times, and featured panellists Stephen Bonner, Deputy Commissioner, Regulatory Supervision at the Information Commissioner’s Office, and Matt Cooke, Director, Cybersecurity Strategy at Proofpoint. It sought to understand human risks such as a lack of education or training, as well as insider threats, where threat actors recruited employees from within organisations.
“There are two sides to the insider threat,” said Bonner. “It’s a term misuse, I think, in some cases, for disgruntled staff … In our work now, we have fantastic examples of placed insiders deliberately going for personal data. These are circumstances where organised crime groups have identified data of value and placed people in these organisations.”
The speakers were keen to impart lessons such as the importance of a positive security culture, of addressing the problem rather than running away from it, and of appreciating that mistakes will be made in cybersecurity, showing that the human element of cybersecurity remains all-important.