Cybersecurity: an ever-evolving industry
One of the reasons I find cybersecurity so exciting is that it is an ever evolving and transforming industry. It is among the few domains that experiences transformation at scale and machine speed on a regular basis. And not just technological transformation – operational, cultural, and regulatory transformation, too.
Because cyber is so multifaceted, discussing industry transformation on Afternoon Cyber Tea is a wonderful learning experience. Each guest brings a unique perspective and set of experiences to the discussion. My latest guest – Adam Malone, a principal at global consulting, assurance, and services firm, EY – did not disappoint in this regard. Adam has had a unique journey in cyber – from the US Air Force to BAE Systems to the US FBI and now EY. He has seen his fair share of industry transformation, so I knew chatting with him would be fun.
Here are a few highlights from our discussion. The full episode with show notes and transcript is available here – you can listen to the episode immediately below.
The rise of geopolitical resilience
Most leaders agree on the importance of cyber resiliency. The rise in ransomware and events like Colonial Pipeline underscore the criticality of this function. But the last several years have given rise to a new issue – geopolitical resiliency. I wanted to unpack this new challenge with Adam, so I asked him what he is hearing from customers as it relates to this issue. Adam commented, “More of our companies are asking those questions today, right? What have I said? What have I done? Where have we spent money? Where is our supply chain? How is that impacted by this changing geopolitical climate? They're spending more time understanding it – discovering where their supply chain is and what its impacts are, making contingency plans. They're spending more time rehearsing it. They want to bring in experts to talk about how these events could occur and how they may occur and how it could impact them.”
领英推荐
The evolution to quantifiable risk
If you are an avid Afternoon Cyber Tea listener, you know I love a good discussion on resilience. It is a topic that I think needs more C-suite and boardroom discussion. And, in my opinion, you can’t have much of a conversation on resilience without touching on risk. Adam and I discussed the transformation in this space as well – going from the ‘gut feeling’ approach to risk, to a more informed, quantifiable approach. Adam commented, “We (the industry) are moving away from qualitative approaches to understanding what cyber means, and we're thinking about quantifying that – you know, building out real risk scenarios and spending some time and effort to understand how it's going to impact the business, its ability to deliver outcomes, to generate profits for its shareholders. And so that becomes really important - and how fast can it recover and prepare for those eventualities. You know, ransomware has done a lot for us in cyber in helping us think differently about the urgency and the resilience of cyber programs across our companies.”
The shift in regulatory and oversight discussions
Cybersecurity regulations are complex due to the constantly evolving nature of threats and the diversity of the organizations that must comply with them. If you dig into the regulatory landscape, you will find a mix of international, national, state and industry-specific regulations, guidelines, and best practices. Some regulations require specific technical controls, while others focus on policies, procedures, and risk management. It is a lot for any organization to contend with. Adam and I briefly chatted about this. More specifically, the intersection of regulation, board oversight, and cyber risk. Adam mentioned, “One is this shifting regulatory landscape. We've seen a lot of increased interest from the regulators to kind of get their hands around more transparent cyber risk management behaviors – requiring qualified oversight. So, if you think about what they're asking of the boards of directors now, they want more cyber expertise.”
My conversation with Adam was fascinating and full of insights and tips from his experiences in the military and FBI through his role today helping private equity firms better manage risk. For the full episode and more Afternoon Cyber Tea, visit www.afternooncybertea.com . New episodes are released every other Tuesday and are available on the CyberWire and most major podcast platforms.
Search Engine Optimization Team Lead @ webAffinity | Electrical Engineer
3 个月Ann, you're right on about the ever-evolving nature of cybersecurity! It's kind of like playing whack-a-mole with bad guys - you plug one hole, two more pop up. Do you think there's a way to get ahead of the curve, or is it always going to be a game of catch-up with cyber threats?
Demystify selling with Microsoft. Learn what it takes to partner with Microsoft field sellers.
1 年I love the term "cyber empathy". Empathy is crucial for establishing relationships and behaving compassionately and coming together as a community. When it comes to defending against #cyberthreats, bad actors and nation-states, it will take a community.