Throughout 2019, this mini-series will interview leaders from around the globe to discuss areas of cybersecurity. The purpose is to help students or those new to the industry gain perspective and guidance from professionals in the field. These interview insights aim to kick-start or re-energise your career journey in cybersecurity.
In this month’s feature, Justin Greis, EY’s Americas Practice leader for Cyber Resilience, shares:
These are his insights.
What is cybersecurity resilience, and how is this portrayed in the market?
Greis outlines concerns he hears from the Boards he consistently interacts with, where cybersecurity risks are the number one concern. Greis questions, “Why are we seeing an increase in public attacks that make headlines? Why are these attacks becoming more destructive and manipulative? We saw this wave of events turning away from fraud, exfiltration and manipulation from people and blackmail to destruction and now, more broadly, cognitive warfare shaping our social and political discourse. Our team decided to address these challenges. We defined Cyber Resilience as an organisation’s ability to prepare for, respond to and recover from a cybersecurity-triggered business disaster - which we characterise as a large-scale cybersecurity attack with the intent to destroy or manipulate critical data or systems. We analysed leading companies and established a hypothesis that there is often a missing discipline in a cybersecurity function that focuses on the capabilities that enable a company to defend and adequately recover from disaster-level attacks. We defined this capability into Proactive and Reactive elements.”
The Proactive function is the 'running' aspect of Cyber Resilience. Security Architecture is so often a missing discipline, and Greis believes it is an essential component enabling a company to bounce back. Greis explains, “security architects develop resilient patterns of cybersecurity solutions that are propagated, evangelised and promoted throughout the organisation. These patterns can be taken from prior attacks, natural improvements and upgrades, or can arise out of proactive investment to improve the cybersecurity posture of an organisation. The Reactive function activates when a cybersecurity-triggered business disaster occurs. We identified that a discipline called Cyber Crisis Management (CCM) is often missing from the equation.
We found too often when an incident occurs it is:
What, if any, information would you have liked to know when starting out in your career?
Greis explains, “I would categorise the advice and guidance into three buckets:
How would you suggest others new to the field get involved?
Greis emphasises, “This is similar advice I provide to anyone attempting to make a career switch; it has never been easier to reinvent yourself in today’s technology-connected world. If you are in the consulting space, you can become whatever you want to become. It just takes effort and initiative:
This area of cybersecurity is intriguing, in demand in the market and considered an excellent career starter. Please be on the lookout for next month’s issue of Decoding Cybersecurity: Interview Insights from Leaders as the journey continues. Please leverage the comment box below to suggest future topics or guests, provide feedback or share with others.
Author: Elliot is a Senior Manager in the EY Cybersecurity practice. Elliot enables organizations to build in risk thinking from the onset, enhancing global innovation with confidence. He leads global teams to reduce response times and minimize the impact of security incidents by building and operating mature security, logging, monitoring, alerting, and incident response practices. He successfully led response to and recovery from complex security incidents, such as data exposures, third party compromises, and vulnerability exposures, by coordinating across large enterprises through effective incident response procedures to minimize business impact.