
teissTalk: Maturing the CISO role

teissTalk host Geoff White was joined by John Rouffas, Chief Information Security Officer, Intelliflo, as main guest; Matthew Bryant, Chief Information Security Officer, 118 118 Money; and Stephen Moore, Vice President and Chief Security Strategist, Exabeam.

Views on news

Researchers at Bitdefender Labs said they had witnessed “waves of fraudulent and malicious emails,” some of which were engineered to exploit the charitable intentions of global citizens towards the people of Ukraine. One of the phishing campaigns detected delivered Agent Tesla, a malware-as-a-service (MaaS) RAT and data stealer that can be used to exfiltrate sensitive information.

Meanwhile, Remcos RAT is typically deployed via malicious documents or archives to give the attacker full control over their victims’ systems.

The UK has been targeted by both of these malicious campaigns. This sort of activity had been building up even before the war started. Although the attacks seem to stem from IP addresses in the Netherlands and Germany, these addresses can easily be spoofed. Nation states such as the Netherlands, as well as Intelliflo, work very closely with Five Eyes, an anglophone intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States of America. Although the general threat level to UK plc is heightened, there is currently no specific threat.

However, businesses in the financial sector are a hundred times more likely to fall victim to cyber-attacks even at the best of times. The current situation, of course, is a social engineer’s dream. During Covid, criminals tried to take advantage of people’s fears; now they are exploiting their compassion.

Can technology help tackle the current challenges of talent retention and knowledge transfer?

Security is no longer only about IT and technology; it is also about visibility across supply chains, third parties and their dependencies, as well as the company’s reliance on open-source code. The CISO is no longer just an extension of the IT team but is integral to anything the business is doing, for example contract management and dependencies. Ideally, CISOs should be part of the Board. As a CISO, you need to promote best behaviours and culture across the whole business.

The CISO’s role should never be mixed up with the IT function, and CISOs certainly shouldn’t report to the CIO or CTO and be buried under someone else’s budget. In large organisations, the COO or the CAO may be roles that the CISO reports to. CISOs need the right level of independence and influence to reach their full potential.

With cloud services, deployment times have shortened, so CISOs have less time to assess the security of a new system. DevOps and software engineers can now spin up infrastructure at the push of a button. Automation can help with this, but you need to bake as much security into automated processes as you can.


© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543