
teissTalk: Building resilient infosec teams


On 10 July 2025, teissTalk host Thom Langford was joined by Raza Sadiq, Head of Enterprise Risk, MQube; Sara Carty, Founder & CEO, Unboring; and Christoph Schuhwerk, CISO in Residence, EMEA, Zscaler.


Views on news


M&S confirmed that the retail outlet’s network was initially breached in a "sophisticated impersonation attack" that ultimately led to a DragonForce ransomware attack. Cybersecurity awareness training has been around for quite some time, but users seem to be overwhelmed by the number of bad practices they are taught to avoid. The incident also highlights the importance of minimising supplier risk. Hackers relying on social engineering know how to engage with their victims and sometimes understand their psychology better than, for example, marketers do. While we have the technology to prevent users from accidentally giving away their passwords, it’s harder to prevent them from sharing them intentionally under pressure.

Aiming for resilience by design


Leaders still often question whether their company needs to invest more in personal resilience. However, it’s important for them to understand that it’s a key component of business resilience. The approach to security training must change to make it more engaging and to break with obsolete methodologies such as e-learning while leveraging new ways of consuming content. Having streamlined recovery plans on hand when the worst happens is also crucial to managing human resources efficiently during recovery. There are also self-assessment questionnaires to see what kind of persona a user is when it comes to individual resilience. Resilience at work can also positively impact behaviour outside working hours.


Larger organisations must also face the challenge presented by having many different stakeholders compared to small, agile ones. Companies should also establish a channel of communication where colleagues under too much cyber pressure can talk to someone about feeling overwhelmed. Recovery plans should include not only plans regarding how to communicate the incident externally but also information to be shared with employees following an attack. Security leaders, however, must also make sure that they don’t overprepare their staff. In a sound company culture, employees will be more willing to step up for their company or go the extra mile to help it recover from a crisis. Mature organisations can also have subcultures that demonstrate immature behaviour, and these are the vulnerabilities that must be identified and managed.


The panel’s advice

  • Modern hackers don’t hack, they log in.  
  • To achieve cyber resilience, it’s key that people at the top speak to those who are further down or at the bottom.
  • Discuss with employees what makes security training difficult for them.
  • Create communication channels that enable you to communicate with the right people in times of crisis.
  • Embed security in the company culture.  

© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543