On Oct. 29, the Exec Club held a Business Technology Forum: Winning the War on Cybersecurity, moderated by Robert E. Kress, Managing Director of Accenture.

The 2020 SolarWinds malware hack and the 2021 Colonial Pipeline ransomware attack confirmed the growing cyber-risk threat to businesses, four IT experts told a club audience. How to respond? By treating cybersecurity as a key responsibility for all senior-level executives, not as another back-office chore.

The panel offered several arguments for why it’s crucial for businesses to mount aggressive defenses against hackers:

  • The rise of ransomware attacks that can destroy an organization.
  • The growing interconnectedness of organizations as they employ more digital tools.
  • The work-from-home trend, which creates new vulnerabilities.

“We are hyper-connected to every company and country around the world, whether it’s a direct connection and you’re doing business with them every day, or it’s multiple hops away.”

– Jennifer Bisceglie, Founder and CEO, Interos Inc.

“How do you train people to be secure at home just like they would be in the office, because they might be in a different mindset? We doubled down and continued to emphasize safe remote-work training.”

– Paige H. Adams, Global Chief Information Security Officer, Zurich Insurance

Because risks are everywhere, the best posture is to adopt a “zero trust architecture,” which Kress defined as “treat everything as a threat. Don’t trust anything.”

“The simplest way is don’t give access to people who don’t deserve it. Use the principle of least privilege. The same goes for devices, the same goes for applications, and only the network segments that need to talk to each other should talk to each other. So you can contain the blast radius to be as small as possible when a ransomware goes ‘poof’ in your environment, or malware of some sort goes ‘poof’.” 

– Harpreet Sidhu, Managing Director, Global Managed Security Services Lead, Accenture Security

The panel had advice about how to prevent attacks and mitigate damage by black hats. It starts with making cybersecurity awareness and training part of the culture of the organization.

“We warn people that phishing tests are coming. I’ll get emails forwarded to me from employees saying either ‘nice try’ or ‘could you take a look at this one?’…I have a joke sometimes when I’ll say, ‘Hey, if you’re getting ready to click on a link for pizza or an iPad or whatever, come talk to me and we’ll get into a negotiation. I’ll probably buy you that thing before I let you click on that link’.”  

– Justin Stahl, Vice President of Information Technology, Chicago Bears

“Going back to my military days, we used to say ‘sweat in training reduces blood in combat.’ There is just no substitute for sitting down with your board or your senior executive team and going through ‘what if?’ scenarios. It’s OK to theoretically talk about ‘Would we pay ransom? How would we do that?’”

– Paige H. Adams, Global Chief Information Security Officer, Zurich Insurance

Companies should recognize that attacks are becoming more sophisticated. Don’t wait for the worst to happen. Prepare.

“When I saw that ‘Fast and Furious’ movie where the hackers take control of all these IoT sensors and cars were falling off garages, it’s no longer just a scenario. It’s been proven to be true.”

– Harpreet Sidhu, Managing Director, Global Managed Security Services Lead, Accenture Security

“Somewhere behind every cyber attack is a human being, and that human being is counting on another human being to make some mistake.”

– Paige H. Adams, Global Chief Information Security Officer, Zurich Insurance
