How do enterprises define cybersecurity strategy?
Earlier in October at South Summit Adara Ventures ran a Cybersecurity track to explore emerging threats and technologies within the cybersecurity space with some of the sector’s key international players. Alongside deep dives into AI in Cybersecurity, Blockchain and its implications for secure enterprise applications, IoT and Cloud Security; we also included a discussion with some of Spain’s top Chief Information & Security Officers (CISOs) to hear how large organisations are approaching cybersecurity to protect against ever more frequent and sophisticated cyber-attacks.
We were delighted to have participate in this discussion Alejandro Becerra, Global CISO for Telefónica, Agustin Gonzalez, Global CIO for Prosegur, Roman Ramirez, Head of Security Ops & Architecture for Ferrovial, and Adolfo Hernandez, Head of Cyber Defence at Banco Sabadell. The discussion was kindly facilitated by Alberto Yepez, Founder and Managing Partner at ForgePoint Capital, and touched on a range of current topics including proactive versus reactive cyber defence strategies, the cybersecurity talent shortage, cyber budget allocations, and how to engage with the startup community in the fight against cybercrime.
We wanted to distil some of the discussion into four key learning points that Corporates and Startups might use when approaching cybersecurity:
The importance of proactive Vs reactive strategies
Alejandro Becerra, Global CISO for Telefónica spoke about the importance of always being prepared for the next major cyber attack. The panel agreed that it is impossible to avoid 100% of cyberattacks but damage can be limited if the business has a proactive approach to threats. Alejandro spoke from experience, noting that Telefonica found itself in this position during the WannaCry attack which affected over 200,000 victims and more than 300,000 computers worldwide. Key to defeating the attack, was an open and transparent approach to communicating with their entire ecosystem of customers and partners, a message that empowered the security community to protect their own organisations and collaborate in taking down the virus.
Risk management is key
Roman Ramirez, Head of Security Ops & Architecture for Ferrovial highlighted the reality that it is impossible for an organisation to secure every asset and therefore it is critical to prioritise certain assets and manage risk instead of trying to protect everything. Some assets and potential vulnerabilities will have a much higher value for attackers with a greater or lesser possibility of being attacked. CISOs should focus on understanding what these assets are, the probability of uncovering a vulnerability, and taking the right approach to mitigate that risk.
Offer solutions not technology
In engaging with the startup community Alejandro Becerra, Global CISO for Telefónica stressed the importance of vendors offering solutions to corporates and not just technology. “It is easy to get wrapped up in emerging new technologies like AI and Blockchain that are having a major impact on the sector however as a buyer we are only interested in how you are going to solve our problem.” Agustin Gonzalez, Global CIO for Prosegur highlighted the importance of being customer-centric in a startups approach to selling new solutions. “Empathy with the client is critical in demonstrating that you have a deeper understanding of the issues I am facing and how your solution can help me solve them.”
Activate the human firewall
As a closing comment, Alberto Yepez, Founder and Managing Partner at ForgePoint Capital, reminded us that often the weakest link in an organisation’s cybersecurity defence is the human element. It is the individuals lack of understanding on how to react to a potential attack that can exacerbate the issue, converting potentially harmless attacks, like a phishing email, into a more viral organisation-wide attack. Alberto pointed to education as a means of addressing this shortcoming. By doing so, the organisation activates the “Human firewall” that can act as the first vital line of defence to oncoming cyber-attacks.
As the ecosystem continues to evolve at rapid pace, we believe these are strong building blocks upon which organisations can fight cyber attacks. Also, they provide significant insight into how CISOs approach new solutions. We hope this provides food for thought for any budding cybersecurity entrepreneurs out there on how to approach product positioning and how to present it to potential clients.
