What is the cyber threat and why does it matter to my business?
March 14, 2017
In preparation for CAMSS UK 2017, CAMSS World spoke with Dane Warren, CISO at Intertek and speaker at the event - who was recently recognized as a top 100 enterprise CISO - to discuss what the cyber threat is and why it matters to the business.
[CW] What is your perspective on the current state of cyber security in the UK?
[DW] I think UK companies are doing well, and this is largely due to their sincere concern to protect personal and corporate data – supported by an active government who is doing its utmost to help organisations manage this emerging and evolving risk.
[CW] As an experienced security professional, currently serving as the CISO of a FTSE 100 organisation, can you explain why an effective security strategy is so vital to the business?
[DW] An effective security strategy can act as another opportunity to demonstrate doing business in the right way, and provide customers a sense of assurance over their data. A cyber security strategy can be complex and confusing for some organisations, and the temptation for them to invest in every aspect to cover every risk is real; companies want to reduce risk for their customers. However, this scattergun approach can lead to a very expensive program that is ill suited to those organisations. So, being part of the business conversation, understanding the business risks, and the applicable threat profile can enable an effective marriage of technology and business that provides adequate cover; supporting the appropriate business and risk goals.
[CW] Why is educating the board important and why is this a difficulty for many security executives?
[DW] The board has ultimate oversight and responsibility to ensure that the business is operating within appropriate risk boundaries; it is the role of the cyber security executives to help the governing parties understand the impact of technology on their business; helping them to understand the risks and opportunities in this new paradigm. Some security executives speak to their business leaders in terms which seem rudimentary to security professionals – full of jargon and ‘tech-speak’, and this can often lead to a short and ineffective conversation.
[CW] What can CISOs do to combat this?
[DW] The security executives need to communicate in terms that are rudimentary to business leaders, speak in terms of business impact, supported by facts; no FUD. Effective communication is paramount – understand the topic and audience. As Einstein said: "If you can't explain it simply, you don't understand it well enough"; carry that forward and explain the risks in terms your audience can understand.
[CW] At the CAMSS UK 2017 conference, you will be running a session on "What is the cyber threat and why is it important to my business?". What do you aim to address and what do you hope for the attendees to take away from this?
[DW] I hope to stimulate discussion on business (impact and risk) and technical (threat and vulnerabilities) so that we can generate creative discussion to identify and appreciate new frames of reference for us all; helping us identify more opportunities to better communicate with our business stakeholders.
About CAMSS UK 2017: CAMSS UK represents the highest quality, most valuable environment for both IT and Line of Business executives from across the region, and is designed to provide the optimum environment for senior executives across IT, Security, Governance, Data, Analytics, Digital, Marketing and Customer Experience to gather and share best practices on digital innovation and business strategy. For more information and to register, go to www.camssuk.com.
About Dane Warren: Dane is currently the Global head of IT Security (CISO) at Intertek. Dane also spent several years as a Director of IT Security at Zurich Insurance Company, in charge of business information security for a number of APAC, European and Middle Eastern countries. His earlier roles include Head of Information Risk and Security at Virgin Mobile (Australia), and CSO - Financial Services (APAC) at EDS. Dane has over 15 years of experience in IT Security, and holds a Master in Business IT Management from the University of Technology Sydney and several security certifications and accreditations.