Modern cyber security professionals have one of the toughest jobs in the history of the commercial enterprise, according to George Little. Comparing the state of cyber crime to a bank having to fend off bank robbers every single day, he noted that the current threat landscape means that companies are dealing with intruders at a scale and volume that is unprecedented in human history.
A partner, cyber security, data and privacy global lead and head of the Washington office at the Brunswick Group, Little made this assertion while delivering the international keynote address at the ITWeb Security Summit in Cape Town yesterday.
While these realities might drive cyber security professionals to hold their cards a little closer to their chests, he encourages the opposite. Within reason, of course. “The temptation is to close the gates, but we need to find ways as a cyber security community to share more with the right people across trusted networks so that we can identify and defeat threats more quickly,” he says.
Discussing the cyber trends the industry should be aware of in 2024, Little highlighted some new and old threats – from a rise in ransomware and artificial intelligence (AI) to supply chain vulnerabilities and geopolitical complexities. What these trends reveal is that the ‘bad guys’ are becoming more and more sophisticated and are evolving their tactics and business models – using all means at their disposal to improve their craft and perpetrate an increasing number of attacks.
Common mistakes
Having painted a picture of the threats that should be on every cyber professional’s radar, he detailed where companies might be getting things wrong and suggested what they can do to get it right.
According to Little, common mistakes include failing to elevate cyber security as a major business priority, not considering the needs of different internal and external stakeholders and, perhaps most importantly, noy being adequately prepared for when an attack happens.
To mitigate these, Little believes it’s important to assemble cross-function teams that are able to identify the different risks that exist across the business. It’s equally essential to put various stakeholders at the centre of decision making and build muscle memory among cyber teams by consistently prioritising cyber preparedness.
Companies spend too much time thinking about ‘if’ something happens but fail to adequately prepare for ‘when’ something happens.
George Little, Brunswick.
Little went on to share some of the lessons he and his team have learned from handling over 150 cyber incidents. Here, again, he highlighted the importance of being prepared. “The best offence is a good defence,” he said. Companies must plan for the worst and take the time to prepare for potential scenarios before a real crisis strikes.
With all of this in mind, Little stated that people working in cyber today have to wear so many hats – they have to be lawyers, proficient communicators, trusted business partners and cloud service experts. But, in saying this, it’s important to remember that cyber is a team sport; it’s not only about tech. Today, successful cyber strategies involve different internal and external stakeholders to ensure that security is always front of mind.
“Unfortunately, companies spend too much time thinking about ‘if’ something happens but fail to adequately prepare for ‘when’ something happens,” he concluded. In 2024, this is a big mistake.”
Share