Cybersecurity is Entering a New Era

Cheddar News

Jim Guinn, EY Americas Cybersecurity Leader, shares how companies must stay vigilant and navigate the evolving regulatory landscape.  *Sponsored by EY

Transcript

00:00I'm Dave Briggs here on the floor of the New York Stock Exchange, joined by EY America's

00:04cybersecurity leader, Jim Gwynne.

00:07Jim, great to have you here.

00:09Thanks for being here.

00:10Cybersecurity, it's probably the most important thing in the world that people aren't talking

00:15about enough today.

00:16Why is it more important right now than arguably ever before?

00:19It's a great question.

00:21You have a myriad of factors.

00:23In today's world, you've got a lot of geopolitical activity that's going on, whether it's in

00:27the South China Sea, whether it's wars in the Middle East, whether it's wars in Eastern

00:31Europe that are causing a lot of consternation and a lot of real tragedy, right?

00:36Every single one of those kinetic activities starts with some sort of cyber related event.

00:40So you have the normal cyber related events, ransomware gangs, people that are trying to

00:43do bad things.

00:44And then with all these geopolitical tensions, you also have nation state and or nation state

00:48actors poking and prodding at one another to figure out, can we get in?

00:52Can we pre-position?

00:53Can we figure out what we might want to do in the event that we want to create a diversion

00:57or distraction for something we might want to go actively do?

01:00Jim, you referenced times of transition.

01:02What are those different types?

01:04Yeah, there's all kinds.

01:06Whether you're a corporation and you have a new CEO or executive team that's coming

01:09in, whether you're divesting a portion of your business, you're merging something together

01:13with another business.

01:15And even in politics, like we have with the U.S. government transition, you have one administration

01:20coming in, another administration going out.

01:22Those are all elements of transition.

01:24We are undergoing a dramatic political shift at the moment.

01:27So what are the proactive steps you recommend organizations take in those times of transition?

01:32There's really just five.

01:33They're really, really easy.

01:35Number one, you better have a really good threat intelligence program that you understand

01:38where the threats are coming from.

01:39Number two, you take that information, you apply it to your threat hunt capabilities.

01:43Number three, you teach your employees.

01:45You train, train, train.

01:46Teach them what to do and what not to do.

01:47Number four, you actually have to test everything.

01:50You have to test your environment, your network, your systems, your applications, and look

01:53for vulnerabilities.

01:54And number five, and this is probably one of the more important, you have to know what

01:57you have.

01:58You have to know what's on your network.

01:59So you need good asset inventory.

02:01If you don't have that, you can't protect what you can't see.

02:03And if you can't see it, you can't protect it.

02:05What role does leadership play in maintaining vigilance for cybersecurity?

02:10You have to start at the top.

02:11I think the single most important thing that executives can do is speak about cybersecurity

02:16as part of what they talk about in their business.

02:18As a CFO, I want my financial reports to be accurate and timely in a safe and secure

02:23manner.

02:24I want the data to be secure.

02:26Be nice to say those things.

02:27I think that's the number one thing that CEOs can do.

02:29Do you think they are doing it?

02:31I think there's an epic shift.

02:32I think there's an epic shift.

02:34When I started in the technology sphere, right, way back when, when networks didn't actually

02:41talk to each other, no.

02:43But now because of some of the largest, whether it's, whether it's the most recent telcos

02:49that have all had some version of breach from one of the largest nation state actors that

02:54the FBI published reports about, yeah, they're paying attention now.

02:57I don't think that they know exactly what they should and shouldn't do to reduce risk

03:03and the relying heavily on many people in the organization to help them figure that

03:07out.

03:08Unfortunately, most of the CISOs in the world today are reporting into two or three layers

03:14below the CEO.

03:15So a lot of things get diluted by the time they get to the CEO.

03:18And something the CEO should also consider in terms of investment, where do you recommend

03:22organizations focus their spend when it comes to cybersecurity?

03:27Those five things that I talked about.

03:28You start off with threat intelligence.

03:30You deal with everything associated to enduring threat hunts.

03:33You teach your people, you test, test, test, and you make sure you know what assets you

03:36have on your network.

03:37If you can focus all your dollars on those things, you'll be in a much better perspective

03:41or a much better position to mitigate threats.

03:44Arguably nothing more important for companies out there today than cybersecurity.

03:48Jim Gwynne, thanks so much.

03:49Thank you very much.

03:50I appreciate it.

03:51This segment was brought to you by EY, helping to shape the future with confidence.

Category

Transcript

Be the first to comment

Recommended