executive contributor panel - ec-council · 2018-09-05 · tari schreider chief cybersecurity...
CISO MAG | July 2018
Volume 2 | Issue 6
Thank You to the Executive Contributor Panel

Tari Schreider: Chief Cybersecurity Strategist and Author, Prescriptive Risk Solutions, LLC
Renee Brown Small: CEO, Cyber Human Capital, and Author, Magnetic Hiring
Chris Roberts: Chief of Adversarial Research and Engineering, LARES Consulting
Raymond Teo: Senior Vice President, Business Development, APAC, NTT Security
Souti Dutta: Lead Threat Analyst - SOC Services, Paladion
Aseem Ahmed: Sr. Product Manager - Cloud Security, Akamai Technologies
Bhaskar Agastya: Country Manager, Ixia
Nitin Kumar: CM&AA, CMC, Senior Managing Director - Technology, Media & Telecom, FTI Consulting
Richard Seiersen: SVP & Chief Information Security Officer, LendingClub
Agnidipta Sarkar: Global Information Risk & Continuity Officer, DXC Technology
Jason Bloomberg: President, Intellyx
Deepak Maheshwari: Director of Government Affairs in India & ASEAN for Symantec
Lee Carsten: Vice President, Client Executive, Stroz Friedberg
Sebastian Hess: Cyber Risk Executive, AIG
Craig Moss: COO, CREATe Compliance
Steve Durbin: Managing Director, Information Security Forum

We have turned one!
On July 14, 2017, we launched CISO MAG with a vision to provide unbiased and useful information to information security professionals working in critical sectors to help them prevent, respond to, and counter security challenges. It has been a year of anxiety, long hours, and sleepless nights. But it has all been worth it.
Over the last year, CISO MAG has been able to reach 50,000 readers across 100 countries. We have interviewed over 50 security leaders and built a solid community of C-level executives in the information security domain. We have become a voice in the industry.
I would like to take this opportunity to acknowledge the contributions made by our Editorial Advisory Board, Executive Contributor Panel, and the hard-working professional staff of CISO MAG.
Last but not least, I would like to thank the readers of CISO MAG for your interest. It is your continued feedback that has enabled us to get better with every edition. Please keep sending your feedback and ideas for further improvement of our magazine at [email protected].
Jay Bavisi, Editor-in-Chief

Volume 2 | Issue 6, July 2018

Editorial
International Editor: Amber Pedroncelli
Senior Editor: Rahul Arora
Senior Feature Writer: Augustin Kurian

Media and Design
Media Director: Saba [email protected]
Designer: Jeevana Rao Jinaga

Management
Executive Director: Apoorba Kumar*
Senior Director, Compliance & Governance: Cherylann [email protected]

Marketing & Sales
General Manager: Meghana Vyas
Marketing Manager: Pooja Saga
Riddhi [email protected]
Sales Manager - India: Basant Das
Sales Manager - North America: Jessica Johnson

Technology
Director of Technology: Raj Kumar [email protected]

* Responsible for selection of news under PRB Act. Printed & Published by Apoorba Kumar, E-Commerce Consultants Pvt. Ltd., Editor: Rahul Arora. The publishers regret that they cannot accept liability for errors & omissions contained in this publication, howsoever caused. The opinion & views contained in this publication are not necessarily those of the publisher. Readers are advised to seek specialist advice before acting on the information contained in the publication which is provided for general use & may not be appropriate for the readers’ particular circumstances. The ownership of trade marks is acknowledged. No part of this publication or any part of the contents thereof may be reproduced, stored in a retrieval system, or transmitted in any form without the permission of the publishers in writing.
Privileged and excited to be in the journey of making CISO MAG, one of the best sources of relevant and focused input on Cyber Security.
- Sunil Varkey, Chief Information Security Officer, Wipro Technologies
I’m very happy to be an advisor to CISO MAG. It is a well thought out, industry leading magazine that helps CISOs connect, learn, and grow in their careers.
- Geoff Hancock, Principal at Advanced Cybersecurity Group
Honored and proud to be a part of the CISO MAG advisory board. CISO MAG is a must read for every CISO, experienced or not. CISO MAG is one of the many examples of how EC-Council tries to make our world more secure, a better place to live in.
- Patric J.M. Versteeg, Chief Information Security Officer
Constant learning is required to be proficient in information security. CISO MAG embodies this approach.
- Phil Agcaoili, Senior Vice President at U.S. Bank and Chief Information Security Officer at Elavon
CISO MAG provides me with timely and comprehensive information addressing the array of cybersecurity and related topics. CISO MAG provides - right topics, right information that are communicated efficiently. Bottom line: CISO MAG provides a strong ROI on engagement time and all other aspects.
- Marc Glasser, Cybersecurity Consultant and Author
I am on the Board of Advisors and I have enjoyed working with the CISO MAG. I feel that the organization and the magazine provide an insight into the changing role of a CISO. The magazine provides both informative articles and trends. I look forward to many years with the CISO MAG.
- Betty Lambuth, Private Consultant
Having been working with Rahul and the team for a while now, it is a pleasure to congratulate the magazine on its anniversary! I love the topics and the fact they push the envelope on providing topical, useful intelligence to the community... long may that continue!!
- Chris Roberts, Chief of Adversarial Research and Engineering at LARES Consulting
FROM OUR EDITORIAL ADVISORY BOARD

INDEX

BUZZ: Getting Cybersecurity Metrics Right: Measuring Maturity versus Results
IN THE NEWS: Top Stories from the Cybersecurity World
COVER STORY: Insiders: The Achilles Heel
IN THE HOTSEAT: High-Profile Appointments in the Cybersecurity World
UNDER THE SPOTLIGHT: Erka Koivunen, Chief Information Security Officer, F-Secure
KICKSTARTERS: Startups Making Waves in the Cybersecurity World
INSIGHT: Cybersecurity in an Insecure World
COLLABORATIONS: Infosec Partnerships

COVER STORY

INSIDERS: THE ACHILLES HEEL
Augustin Kurian

Information security expert and author Jason Coulls often keeps an eye on cybersecurity issues related to Canadian banks and telecommunication companies in his spare time. In June 2017, while browsing GitHub, an online code sharing and version control service where coders often share their open source projects, he spotted a huge trove of sensitive documents belonging to several American, Canadian, and Japanese financial institutions on the platform. The publicly accessible repository contained migration plans, estimates, presentations, and other sensitive data that could have put those companies at risk. He counted the data of six Canadian banks, two American financial organizations, a multinational Japanese bank, and a multibillion-dollar software company.
Further research into the breach revealed that the data leak was either an accident or a rather enormous failure of common sense on the part of a developer working with Indian IT service giant Tata Consultancy Services (TCS). Coulls immediately notified the banks about the leak. “This was a new level of monumental head scratching activity, as you could literally fork or clone an entire repository of containing architecture details and roadmaps for some of the largest financial institutions in North America,” he wrote in his blog.
“The good news is that none of it was banking customers’ data, it was mainly auxiliary data,” Coulls told The Register after the incident. “But there was still a lot of useful stuff there – not just for hackers but for the firm’s competitors. The first bank that gets in to look at it gets to see what everyone else is doing.” Coulls also roasted TCS for not firing the employee immediately once the incident was discovered.
There are some takeaways from this incident. First, you’re only as strong as your weakest link. And sometimes your weakest link can be your employee making horrible mistakes, or it can be someone working for a third-party organization or a vendor.
The incident highlights what havoc accidents can wreak, but it might be even more staggering to find out that one in four employees have intentionally leaked confidential data. This surprising stat was discovered when data privacy and risk management company Egress Software Technologies did a survey of 2,000 UK workers. It’s probable that even the researchers didn’t anticipate such a dramatic result.
The report highlighted that employees who leaked information were likely to share data with their new or former employers or even competitors. The shared information, according to the report, ranged from bank details to customer information. Nearly half the respondents also stated that they had either already deleted or will delete emails from their sent folder if they felt the need for a cover-up.
Whether intentional or unintentional, insider threats are way bigger than we anticipate. A survey by Vanson Bourne concluded that insider threats pose a greater risk to companies than external threats by vectors like breaches and hackers. In fact, it pointed out that 74 percent of
When considering the extended enterprise, meaning employees, customers, suppliers, or even previous employees, the number increases to 74 percent. Although most companies, 65 percent, believe that these inside incidents are accidental, that data still suggests a serious need for more extensive security education within businesses.