Security education, regulation, and strategy placed front and center at London business summit
Digital transformation is forcing businesses to shape up their cybersecurity posture and take into account not just the opportunities, but also the myriad risks that are presented by online communication.
This was one of the main takeaways from this week’s GRC Summit in London, where industry leaders stressed that although technological advances have enabled businesses to become more efficient and profitable, security should not be an afterthought.
“Security design has got to be a continuous process,” said Libby Denchfield, global head of cyber and information security risk at Standard Chartered Bank.
“When you are testing these controls on a much more continuous basis, you can find problems earlier and prioritize.”
Denchfield was speaking on a panel about cross-industry cybersecurity trends, alongside Mal Symth, global head of cyber governance, risk, and control at Vodafone.
“Cyber is something that’s been more active on the [Vodafone] board more recently,” Symth said, adding how the UK-based telecom operator has created educational material around the various cyber threats in order to facilitate improvements in risk management.
Cloud integration, phishing and spear-phishing, software supply chain issues, and mobile devices were some of the multiple threats that Smith cited as Vodafone cyber threat priorities.
“There’s lots of transparency on security incidents so that the board can understand what’s happening,” Symth said.
Staying on top of global regulations is also necessary to be able to operate effectively in the era of growing awareness about online privacy and data use.
“I think it’s great that regulations are there to protect the citizen and protect the consumer, but we have to think about what is it that the society wants of us as a company,” said Smyth.
“How do we develop our cyber strategy to enable that? How do we enable the digital society, as well as our business?”
This mindset needs to trickle down into employee training on common threat vectors such as phishing – something that Standard Charter Bank will be focusing on in the future, Denchfield said.
“It’s only through learning, and our mistakes, can we improve our processes,” she said.