What strategic investments for cybersecurity should businesses make in 2022, and should innovation be demystified?
As hybrid and remote work accelerate the transition to the cloud, cybersecurity teams are faced with an increasing number of threats, but also with rising security budgets and new, innovative technologies.
With Trish Lynch moderating this roundtable debate, the speakers include:
- Anuj Tewari, CISO, TMF Group
- Chuks Ojeme, Global CISO, Brenntag
- Daniel Adaraamola, Founder & Advisory Board Member, Young CISO Network
- Przemysław Dęba, CISO, Orange Poland
- Mark Guntrip, Senior Director, Cybersecurity Strategy, Menlo Security
Investments and innovation in cybersecurity
With over twenty years of experience in security marketing, Mark Guntrip leads cybersecurity strategy at Menlo Security.
“As we look at the cybersecurity investments, number one is still going to be around ransomware, and all the things that we need to do to stop it, mitigate it, prevent it, recover from it,” Guntrip says. “Second would be looking at SOC analysts, and the security alerts and the volume that they’re seeing—as the number of threats go up and the number of people does not”.
Daniel Adaraamola, CISO co-founder of the Young CISO Network, stresses the importance of investing in the cloud, while Anuj Tewari, CISO at TMF Group, mentions that, in the age of remote work, not only is the workplace decentralised, but so is a lot of data and intellectual property.
Therefore, Tewari goes on to say, businesses should focus on digital identity, providing multi-factor authentication and ensuring user security awareness through solutions such as phishing simulations.
Demystifying the Zero Trust security model
Zero Trust is a security model proposed by John Kindervag, according to which no user or device should be granted access unless verified. Introduced in 2010, it marked a shift from traditional security approaches based on the “trust but verify” concept.
“In Zero Trust we absolutely shouldn’t trust the person, but we also shouldn’t trust the application, [or] the data that’s on there”, says Mark Guntrip.
But does the industry truly understand new strategies like Zero Trust, or do they need to be demystified?
According to Chuks Ojeme, CISO at Brenntag, it is up to security professionals to explain what Zero Trust means to businesses, in a way that can be easily understood.
“Sometimes IT is talking too technical, and the businesses don’t understand what the impact [of Zero Trust] is”, Ojeme says. He goes on to argue that, when security concepts aren’t “sold” as essential for the business to run smoothly, “you meet some showstoppers along the way”.
Problems are also likely to occur when security officers don’t understand the business philosophy and objectives. “Security professionals and practitioners need to go closer to the business”, he concludes.
Rising security budgets
As businesses become more and more aware of the importance of cybersecurity, security budgets are rising. So what should CISOs be investing in, to ensure maximum protection?
Daniel Adaraamola believes it is crucial to increase end-users’ awareness of innovation in cybersecurity. If that awareness is lacking, any other investment becomes a “lost investment”.
Adaraamola’s point is backed up by Przemysław Dęba, CSO at Orange Poland. Dęba argues that the most important investment is “in people–not only security teams, but also IT teams and network teams, and even regular employees […] This will eliminate simple mistakes and save unnecessary discussions about principles, about basics”.
Dęba’s recommendation for businesses looking to further invest in cybersecurity is to first answer these three questions: 1) How can I maximise my profits using what I already have? 2) What am I making available on the internet and how do I control it? 3) What do I allow my employees to do, and how do I control it?
The answers to these questions will turn into a solid investment plan, Dęba says.
This roundtable was brought to you in partnership with Menlo Security.