Stephen Cavey, co-founder and chief evangelist of Ground Labs, joined a panel of senior leaders at the recent e-Crime & Cybersecurity Mid-Year Summit event hosted by AKJ Associates.

The panel, consisting of security and data protection leaders from the retail, sport, technology, and banking sectors, tackled a wide range of current challenges faced by CISOs and cybersecurity teams in a thought-provoking debate.

Misplaced perceptions and unrealistic expecations

Among the panel, there was broad agreement that businesses lack a clear understanding of cyber-risk, particularly as an integrated part of wider enterprise risk management (ERM) frameworks.

ERM processes do not adequately manage security risks despite the inclusion of risk assessments in many cybersecurity standards. Cybersecurity is often overlooked entirely or reported as a single risk, but should instead be treated as an independent risk category.

This leads to siloed management of cybersecurity in many organizations, with the burden of liability carried solely by the CISO. The panel judged the pressures placed on the modern-day CISO to be unrealistic, which is arguably contributing to high rates of burnout among senior professionals.

Remote working and the drive to the cloud

CISOs are fighting an uphill battle to deliver against overwhelming expectations, while also supporting their organizations in navigating the challenges and risks of managing data in a cloud-first, remote-worker environment where boundaries of control become blurred.

Digital transformation programs have advanced organizations' adoption of cloud services by 3-5 years, and the pandemic has accelerated this process. As a result, data has become much more dispersed, fragmented across myriad cloud platforms and services of which many organizations lack adequate visibility and control.

Managing the expanding supply chain

As the world becomes more digital, the threats to cloud services, platforms, integrations, APIs, and the supply chain are becoming more complex. The panel agreed that third party assurance efforts need to evolve beyond the checklist, demanding a deeper interrogation of supplier operations and practices more frequently. Further, organizations need to ensure their suppliers apply the same rigour to their own supply chain.

Recognizing the importance of collaboration, the panel suggested that larger organizations should engage with their smaller suppliers and support them through a more rigorous process, sharing their knowledge, expertise and experience.

Ground Labs would like to thank Simon Brady of AKJ Associates for hosting the panel, and our fellow panellists for sharing their insights and experiences: Punit Bafna, Information Security Engineering Principal, BP; Stuart Golding, CISO, WHSmith; Victor Murineanu, Information Security Manager, Chelsea Football Club; Matthew Kay, Data Protection Officer, Metro Bank.

Want to keep up with all our blog posts? Subscribe to our newsletter!

Subscribe