The 2020 SolarWinds malware hack and the 2021 Colonial Pipeline ransomware attack confirmed the growing cyber-risk threat to businesses, four IT experts told a club audience. How to respond? By treating cybersecurity as a key responsibility for all senior-level executives, not as another back-office chore.
“We are hyper-connected to every company and country around the world, whether it’s a direct connection and you’re doing business with them every day, or it’s multiple hops away.”
– Jennifer Bisceglie, Founder and CEO, Interos Inc.
“How do you train people to be secure at home just like they would be in the office, because they might be in a different mindset? We doubled down and continued to emphasize safe remote-work training.”
– Paige H. Adams, Global Chief Information Security Officer, Zurich Insurance
“The simplest way is don’t give access to people who don’t deserve it. Use the principle of least privilege. The same goes for devices, the same goes for applications, and only the network segments that need to talk to each other should talk to each other. So you can contain the blast radius to be as small as possible when a ransomware goes ‘poof’ in your environment, or malware of some sort goes ‘poof’.”
– Harpreet Sidhu, Managing Director, Global Managed Security Services Lead, Accenture Security
“We warn people that phishing tests are coming. I’ll get emails forwarded to me from employees saying either ‘nice try’ or ‘could you take a look at this one?’…I have a joke sometimes when I’ll say, ‘Hey, if you’re getting ready to click on a link for pizza or an iPad or whatever, come talk to me and we’ll get into a negotiation. I’ll probably buy you that thing before I let you click on that link’.”
– Justin Stahl, Vice President of Information Technology, Chicago Bears
“Going back to my military days, we used to say ‘sweat in training reduces blood in combat.’ There is just no substitute for sitting down with your board or your senior executive team and going through ‘what if?’ scenarios. It’s OK to theoretically talk about ‘Would we pay ransom? How would we do that?’”
– Paige H. Adams, Global Chief Information Security Officer, Zurich Insurance
“When I saw that ‘Fast and Furious’ movie where the hackers take control of all these IoT sensors and cars were falling off garages, it’s no longer just a scenario. It’s been proven to be true.”
– Harpreet Sidhu, Managing Director, Global Managed Security Services Lead, Accenture Security
“Somewhere behind every cyber attack is a human being, and that human being is counting on another human being to make some mistake.”
– Paige H. Adams, Global Chief Information Security Officer, Zurich Insurance