AMATAS CISO, Ivan Vladikin, revealed a behind-the-scenes look at his cyber security career, with insights into how he approaches leadership and building sustainable team culture.
Within the second part of our talk, we’re shifting the focus more towards understanding the role of the CISO in restoring balance within cyber security.
Working in an ever-changing environment that faces a multitude of threats can at times be the most rewarding challenge.
In this interview we also outline:
- Key skills a CISO should possess for efficiency and success
- Biggest threats that organizations face
- How companies can ensure they protect their most important asset: data
As Ivan Vladikin points out: “at the heart of any successful organization, you’ll find cyber security strategies woven into the business goals”.
What are the must-have skills for any CISO to be effective within the role?
CISOs are responsible for developing and implementing the institution's information security program. They must possess certain qualities that distinguish them from other organization leaders and senior managers.
The successful CISO thinks strategically about security. They understand how to balance the need for security with the need for business continuity, making risk management a critical skill.
Apart from risk management, CISOs also protect the organization's data and oversee security infrastructures. They have a solid technical background and understand how technology can be used to protect data, networks, and systems.
Within their experience, the CISO has understood that not all organizations have the same security budget. Thus, they've learned how to prioritize according to the business needs.
Professional CISOs understand the importance of data privacy. Their focus is on safeguarding the availability, confidentiality, and integrity of all assets belonging to both employees and customers.
The CISO has to be ethical and follow information security best practices.
Some other main soft skills they should possess are the ability to:
- communicate security concerns clearly to senior management and other stakeholders;
- organize, manage, and motivate a team of security professionals;
- stay proactive and take steps to prevent cyberattacks before they happen;
- innovate and always look for new ways to improve security.
What do you think are the biggest threats that organizations face?
The cybersecurity industry continues to face a seemingly endless list of challenges and threats.
Most recently, supply chain risks (exposing flaws in open source software such as Log4j) have led to new ongoing efforts to identify, mitigate, and aim to patch all affected tools.
The COVID-19 pandemic has also forever changed the way we work and how data is protected. Security administrators now have many new problems on their hands, including:
- enabling secure remote access connections;
- deploying technologies to maintain employee productivity while ensuring information security;
- enforcing remote access security policies;
- addressing home network security threats.
And as employees slowly start to return to the office, companies face another challenge: establishing a secure hybrid work environment.
Phishing attacks continue to be the biggest threat that organizations have to face. In recent years, malicious actors have started to use sophisticated strategies, thus becoming even more convincing in posing as legitimate business contacts.
We have also seen a rise in business email compromises (BECs). BECs are phishing campaigns that aim to steal business email account passwords from senior executives. Once they've gained access to the accounts, cybercriminals fraudulently request payments from employees.
Each year, ransomware, one of the most common cyber attacks, affects thousands of companies and organizations. These attacks are becoming more and more frequent because ransomware is one of the most profitable threats to cyber security.
Ransomware involves encrypting company data (so that it cannot be used or accessed) and then forcing organizations to pay a ransom to regain access to it.
Businesses have to make a difficult decision: to pay the ransom and potentially have huge financial losses, or cripple their services due to the data loss. The threat posed by ransomware attacks is the reason why businesses are now looking for more effective cloud backup solutions.
This is yet another challenge we face: cloud services have completely transformed the way data is stored. From SMEs to large organizations, businesses now use cloud services to store their sensitive information.
Cloud services are a double-edged sword for business. Even though they have reduced costs and increased efficiency, the "cloud" has also created new opportunities for data security breaches. That's due to the lack of encryption and authentication, and also the incorrect configuration of the cloud settings.
How do you ensure organizations are protected against these threats?
The best way for organizations to stay protected is to empower their IT departments to improve their cyber security architecture. Organizations should also have a full range of cyber security tools installed. Last, but not least, they should be able to provide their employees with appropriate training programs to ensure that all users are aware of security threats and know how to prevent them.
What’s your #1 advice to organizations in building a positive security culture - both within their operations and teams?
At the heart of any organization's success, you'd find an applied, systematic, and process-oriented approach to ensuring security that is simultaneous with company-wide operations and business goals.
This means that managed events should be considered as processes or as separate stages of processes. Also, all actions taken to sustain an organization's information security should be integrated and intertwined within the overall security strategy and policy.
The expenditure of resources should always be justified. It is incorrect to allow the cost of securing a specific asset to exceed its actual value or cost.
Managers should consciously assume the greatest responsibility in ensuring their organization's information security. Their role is the most decisive one within the whole process.
Did you miss the first part of our talk with Ivan Vladikin, AMATAS CISO? Make sure you have a look at it to discover what it’s like to work in a company nurtured by vision, experience, and the highest information security standards.
If you are interested in discovering different opportunities in cyber and information security, join our journey to better understand the role of the Penetration Tester, Legal Advisor and Privacy Consultant, and Cybersecurity Specialist / Expert.