Interview with a CISO: Insights into Cybersecurity Challenges and Strategies for 2024

In this revealing interview, SOCRadar connects with Chief Information Security Officer (CISO), Nigel Sampson, to delve into the prevailing cybersecurity challenges and the defense strategies effective against them. Sampson sheds light on the escalating threat of ransomware, the role of Artificial Intelligence and Machine Learning in cybersecurity, and shares practical advice on adapting to the evolving threat landscape. His insights underscore the importance of a robust cybersecurity strategy in safeguarding organizational assets against both current and emerging cyber threats.

Nigel Sampson, CISO of Alegeus and the Global Leader of Cybersecurity for IDG (International Data Group)

  1. What are the top three threats considering your industry & region, and what reasons made you prioritize them that way?

Without getting into much detail, I will say ransomware is our main focus due to its growth and impact. I see this as the most impactful type of threat as it has many threat actors using various methods to infiltrate businesses, and 40% of businesses have more than one ransomware attack in a year.

  2. Ransomware attacks have been on the rise. Can you share any insights on what strategies and technologies should be implemented to detect and mitigate ransomware attacks effectively?

Firstly, security awareness training for employees is one of the simplest ways to combat ransomware. Giving employees the tools to identify and block phishing emails that can lead to ransomware is key. Secondly, secure email gateways provide an automated solution to block suspicious emails with attachments or URLs that lead to breaches. Setting up DMARC and SPF may be useful, but some businesses that send emails on behalf of their customers cannot use these types of technologies due to the risk of being blocked by SPAM detectors. Third, Endpoint Detection and Response catches any gaps in the secure email gateway or perimeter defenses. A good EDR will prevent an attack on the endpoint, whether it's in memory or in the file system.
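The SPF and DMARC point above is easy to misjudge without looking at the records themselves. The following is an added example (not code from the interview, SOCRadar, or the interviewee): it parses SPF records (following include: mechanisms) and DMARC records, flags permissive settings, and checks SPF alignment the way a DMARC-evaluating receiver would. All domains and DNS TXT answers are constructed inline so the script runs offline; the relaxed-alignment check uses a two-label approximation of the organizational domain rather than the Public Suffix List, which is a simplification.

```python
"""Added example: inspect SPF/DMARC records and the third-party-sender alignment case."""
from dataclasses import dataclass, field

# Constructed DNS TXT answers standing in for real lookups (hypothetical domains).
TXT_RECORDS = {
    "example.com": ["v=spf1 ip4:192.0.2.0/24 include:_spf.mailvendor.example -all"],
    "_dmarc.example.com": ["v=DMARC1; p=reject; rua=mailto:dmarc@example.com; adkim=s; aspf=s"],
    "_spf.mailvendor.example": ["v=spf1 ip4:198.51.100.0/24 ip6:2001:db8::/32 ~all"],
    "looseshop.example": ["v=spf1 include:_spf.mailvendor.example ?all"],
    "_dmarc.looseshop.example": ["v=DMARC1; p=none"],
}


def lookup_txt(name):
    """Stand-in for a DNS TXT query; returns the constructed records above."""
    return TXT_RECORDS.get(name, [])


@dataclass
class SpfResult:
    networks: list = field(default_factory=list)   # ip4/ip6 terms, includes flattened
    includes: list = field(default_factory=list)   # every include: domain followed
    default: str = "?"                             # qualifier on the 'all' mechanism


def parse_spf(domain, depth=0):
    """Flatten an SPF record by following include: terms (RFC 7208 caps lookups at 10)."""
    if depth > 10:
        raise ValueError("SPF include chain exceeds the 10-lookup limit")
    res = SpfResult()
    for rec in lookup_txt(domain):
        if not rec.startswith("v=spf1"):
            continue
        for term in rec.split()[1:]:
            qual = "+"
            if term[0] in "+-~?":
                qual, term = term[0], term[1:]
            if term == "all":
                res.default = qual
            elif term.startswith(("ip4:", "ip6:")):
                res.networks.append(term.split(":", 1)[1])
            elif term.startswith("include:"):
                inc = term.split(":", 1)[1]
                res.includes.append(inc)
                sub = parse_spf(inc, depth + 1)
                res.networks.extend(sub.networks)
                res.includes.extend(sub.includes)
    return res


def parse_dmarc(domain):
    """Return the tag=value pairs of the _dmarc.<domain> record, or {} if none."""
    tags = {}
    for rec in lookup_txt("_dmarc." + domain):
        if rec.startswith("v=DMARC1"):
            for kv in rec.split(";"):
                if "=" in kv:
                    k, v = kv.strip().split("=", 1)
                    tags[k.strip()] = v.strip()
    return tags


def spf_aligned(header_from, envelope_from, dmarc):
    """DMARC SPF alignment: strict (aspf=s) needs an exact match, relaxed needs the
    same organizational domain. The relaxed check below is a simplification that
    takes the last two labels; real receivers consult the Public Suffix List."""
    if dmarc.get("aspf", "r") == "s":
        return header_from.lower() == envelope_from.lower()
    org = lambda d: ".".join(d.lower().split(".")[-2:])
    return org(header_from) == org(envelope_from)


def assess(domain):
    """Summarize the domain's posture and list weak settings a reviewer would flag."""
    spf, dmarc = parse_spf(domain), parse_dmarc(domain)
    findings = []
    if spf.default in ("+", "?"):
        findings.append("spf: 'all' qualifier is permissive, forged senders still pass")
    if dmarc.get("p", "none") == "none":
        findings.append("dmarc: p=none, receivers take no action on failures")
    if "rua" not in dmarc:
        findings.append("dmarc: no rua address, so aggregate reports are never received")
    return {"spf_networks": spf.networks, "spf_default": spf.default,
            "dmarc_policy": dmarc.get("p"), "findings": findings}


if __name__ == "__main__":
    for d in ("example.com", "looseshop.example"):
        print(d, assess(d))
    # A vendor mailing on example.com's behalf from its own envelope domain fails
    # strict alignment even though its IPs are inside the customer's SPF record.
    print(spf_aligned("example.com", "bounce.mailvendor.example", parse_dmarc("example.com")))
```

The last line is the case Sampson describes: a third party can be authorized in a customer's SPF via include:, but if the customer publishes aspf=s and the vendor uses its own bounce domain, SPF alignment fails and only DKIM alignment can keep the mail out of quarantine.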

  3. What impact do you think artificial intelligence and machine learning will have in the next years, and what opportunities and dangers lie there for the cyber world?

AI and ML have been around for at least 5-8 years. Some security vendors have mentioned their products already using AI and ML. AI has grabbed media attention because of other applications, and now cyber is part of the mix. With investment, AI can become the glue that holds a cyber program together and makes it more efficacious and efficient. Ultimately, it can reduce the cost of cybersecurity. The full effect of AI and ML on cybersecurity may not be felt for another 5-8 years.

  4. Can you discuss the role of artificial intelligence and machine learning in modern cybersecurity strategies? What impact have these technologies had on your organization’s security posture?

Some security vendors claim to use AI in their solutions. IBM Security uses Watson, for example. But, the application of AI and its effectiveness depends on the investment made to encompass all domains within cybersecurity. I have enlisted best-in-class solutions that include AI as part of their solution and it has worked very well.

  5. How do you monitor and audit the cybersecurity practices of your suppliers and vendors to ensure compliance with your security standards?

It’s difficult to fully be aware of the security hygiene of a vendor. Without conducting an audit, you need to rely on third-party audit reviews such as SOC 2 audits, PCI audits, ISO 27001 certification, etc. Using solutions such as OneTrust for third-party risk management and RiskRecon or SecurityScorecard for GRC are key elements to obtaining a 360-degree risk view of your supply chain.

  6. How does your organization increase its vigilance against emerging threats on the Dark Web, and what Cyber Threat Intelligence use cases do you think are useful?

Using a third party to constantly monitor the dark web is key. It is a good way to review chatter and anything relevant to your organization. Whether it’s stolen credit cards belonging to your company or employee credentials for sale, a third-party security company that monitors for that activity and hires the best analysts to conduct that investigation is the best course of action. 

  7. The attack surface has expanded with the rise of remote work. How has your cybersecurity strategy adapted to the changing work environment, and what measures have you taken to secure remote access?

Remote work isn’t anything new. It’s just more prevalent, and more businesses are using it. Ensuring the security of the endpoint is key. Applying a good EDR solution with zero trust networking or filtering is a great solution for remote work. The focus needs to be on how to secure data that the endpoint has access to. Data Loss Prevention assists with keeping data within the confines of the network. However, videoing screens of confidential data at home isn’t preventable. Offices provide “screen security”. People that see other employee screens are normally from the same department with the same privileges. Now you have screens in homes where unknown entities could view confidential information. This becomes a big problem for those businesses in healthcare and PCI-certified businesses. Privacy screens and short screen timeouts are good controls, along with a solid DLP solution. A mobile security policy should also be considered.

  8. Cybersecurity is a dynamic field. Can you share your thoughts on emerging trends or technologies that you believe will significantly impact the cybersecurity landscape in 2024 and how organizations should prepare for them?

Security solution consolidation is happening. Many security companies are expanding their scope of solutions and attempting to be the one-stop shop. I see more security businesses following this path and the industry beginning to consolidate. Those companies that have a market share in one domain will need to expand capabilities as they face constant competition with startups and bigger fish buying their smaller competitors to gain market share. I see more companies pushing AI as a supporting technology to their solution and a focus on MDR as businesses struggle to maintain or obtain FTE levels.

  9. Regarding the question above, which cyber security categories should be prioritized in 2024 budgets?

Every business is different. At different levels of maturity, with different capabilities and budgets. However, the same threats remain for all businesses. Ransomware, phishing, malware, denial-of-service are all attacks that can affect a business operation. Those types of attacks are only growing. Categories to focus on would be secure email, endpoint protection, data loss prevention, and security awareness training.

  10. How do you balance the need to address known threats versus preparing for emerging or unknown threats in your threat prioritization strategy?

Visibility and control coverage are necessary to combat today’s and tomorrow’s emerging threats. Knowledge is power, therefore, threat intel combined with a good fabric of security solutions covering all or most domains provides a solid foundation to protect an organization.

  11. How do you prioritize security investments to address emerging threats in 2024? Are there any particular areas where you see the need for increased investment?

I look at financial and operational impact. I also look at the likelihood of the threat posing a risk to the organization. Areas that need increased investment will always be employee training and hiring. Threat intelligence would be another area.

  12. In your role as a CISO, you likely interact with executive boards and stakeholders regularly. How do you build effective communication with non-technical stakeholders to overcome your challenges?

Defining the cyber program in layman’s terms. Providing key KPIs and explaining what they mean and why they are important. Using industry standards such as NIST CSF or CMMC to explain maturity. All boards are different, with different levels of cyber understanding. You have to know your audience in order to know how you can explain things.

  13. Ensuring cybersecurity is not solely a technical challenge; it’s also a cultural one. How do you foster a cybersecurity-aware culture throughout your organization, from executives to employees?

Security awareness training is where I start. Fostering a good solution that explains how attacks happen. Providing guidance on what individuals can do to protect their work, the organization, and how they can use what they learn at work to protect their personal assets.

  14. From a CISO perspective, which essential skills and cyber security experiences are required to excel in this field as a professional?

A broad background. My technical skills in computer operations, network engineering and management, coupled with 10 years of security assessments, audits, and risk management, and, in the last 14 years, security engineering and management, provided me a great foundation in systems and networking as well as security and risk management.

  15. In your opinion, what is the most frequently used cyber security solution/website by your organization and why?

We don’t focus on specific solutions or sites. We look at many in order to provide a global view of the risk landscape and control capabilities.

  16. Lastly, what is the advice you would like to highlight to other CISOs?

Understand who owns the risk. CISOs don’t own risk; they highlight and report. They mitigate and protect. The Exec team makes risk decisions, the board owns the risk and audits risk decisions and advises.

The post Interview with a CISO: Insights into Cybersecurity Challenges and Strategies for 2024 appeared first on SOCRadar® Cyber Intelligence Inc.