Exclusive interview with Frank Kim, Fellow Instructor at the SANS Institute.
TECHx: What are the most pressing cybersecurity concerns faced today by organizations in the Middle East?
Frank: Cloud computing is transforming the way businesses work. Every large organization is now multicloud by choice or by chance. As a result, cybersecurity teams must be well versed in cloud computing, the corresponding threats, and how to appropriately secure cloud workloads.
TECHx: What are some of the best cybersecurity practices your company has adopted to ensure not only a secure working environment but also a simplified adoption process?
Frank: Automation. To scale effectively, cybersecurity teams must automate to keep up with both the speed of modern attacks but also the speed of the business.
TECHx: Hybrid work culture is now a reality; how are you protecting your remote workforce from potential cyber threats?
Frank: In many ways, the secure behaviors we want people to exhibit while working at the office are the very same secure behaviors we want them to exhibit working at home. However, there are additional behaviors expected of them when working at home as their home environment must be secure, for instance, securing their WiFI network, ensuring family members or children are not accessing work systems or perhaps the use of a VPN.
The other challenge is reaching a remote workforce as all training is done virtually. In short, securing a remote workforce is similar to securing an in-office workforce, however, you need to expand your virtual training capabilities and add some additional, relevant topics.
TECHx: The human factor remains one of the most serious threats to an organization’s cybersecurity; in light of this, what kind of security training should employees receive?
Frank: Security training is moving from the world of compliance to the world of managing human risk. This means security awareness programs need to be closely aligned with the security team and identify the top human risks to the organization and the key behaviors that manage those risks. The awareness team is then responsible for continuously engaging and training their workforce on those key secure behaviors. Training is no longer a single, annual event but a continuous, regular process throughout the entire year that focuses on key behaviors. A big part of successful training is making security simple so it becomes easy and convenient for people to behave in a secure manner.
TECHx: What is the best and most immediate strategy for CSOs/CISOs to implement if a data breach occurs in their organization?
Frank: As a CSO/CISO, your primary role is to drive progress through coordination, understanding and communication. You can’t unbreach an organization but you can inform and control the situation to a better place. Here are some measures that can be taken in the event of a breach –
1. Notify your organization’s key team leads (Legal, IT Admin, Cyber Security, HR, PR), and set a time to meet and ensure that all are aware of “what is known” at that time. Set cadence for future meets.
2. Enact your Incident Management (IM) plans invoking IR, BCP, PR and Legal Support contracts. Consider contacting Law Enforcement especially if you are large, critical infrastructure or supply your government.
3. Identify the worst-case impact from what is known about the breach at this time. Get a timeline from IR to understand the scope of the breach and work to that timeline. Get frequent updates from your IM team.
4. Prepare a press statement around what is known now, and get legal advice before release. Set a time when you need to release the press statement, ensuring it can be passed to all customer contact points.
5. Listen to the IR update at each briefing and identify what that means to your business, your data and your customers. Plan, coordinate, lead the teams. Brief up – laterally internally and externally regularly as required.
6. Look after your people (mentally, too), your customers and yourself.
TECHx: What do you consider to be the most important skills of a modern CSO/CISO?
Frank: Modern CISOs need to go beyond traditional technical skills to build a security-aware and risk-aware culture. A big part of this is understanding how the business works and makes money. By identifying strategic business objectives, the CISO can focus on cyber risks
that affect key business processes and crown jewels. Building strong technical capabilities is just a table stake. CISOs need to show the board and senior leadership teams that they are business leaders as well.
TECHx: What advice or tips would you give to other CISOs in light of the current global cybersecurity landscape?
Frank: Spend more time building and cultivating business and personal relationships. Successful CISOs lead in three directions – up, across, and down. Focus on all three.
