View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Tech Leaders Club: The cybersecurity agenda

How can cybersecurity leaders reduce ransomware risk and what makes security awareness training effective? Just two of the topics discussed at Tech Monitor's latest Tech Leaders Club event.

By Pete Swabey

How can cybersecurity leaders reduce the risk of ransomware? What makes security awareness training effective? And is there really a cybersecurity skills shortage?

These were just some of the topics discussed at Tech Monitor‘s latest Tech Leaders Club event, a forum for senior technology decision-makers to share in the insight and experience of their peers. The discussion, which focused on cybersecurity and took place under the Chatham House Rule, is summarised here.

Our next two Tech Leaders Club dinners are now open for registration to qualifying executives. Taking place in London, they will focus on cloud (15 September) and digital innovation (17 November).

cybersecurity agenda discussion held at London's Gherkin
The latest edition of Tech Monitor‘s Tech Leaders Club took place in London’s ‘Gherkin’. (Photo by Davide Catoni / iStock)

Cybersecurity lessons from the pandemic

For many of the security leaders in attendance, the shift to online collaboration tools did not itself introduce new risks, as they had been in place before the pandemic.

But, in some cases, the fact that employees were working at home did have cybersecurity implications. For example, more than one attendee noted that junior staff in shared accommodation presented a new security headache, as they might be discussing sensitive information within earshot of their housemates.

The pandemic was also accompanied by an uptick in online fraud, delegates discussed, perhaps as lockdowns closed off other opportunities for criminals. One attendee, from a financial institution, shared how its website had been entirely cloned to trick victims into sharing their bank account details. “They didn’t do a bad job,” he recalled.

Delegates discussed the barrage of ransomware that has plagued businesses and public sector organisations in the last two years. A security risk manager from a large financial institution shared how one of its suppliers, an SME, had been presented with a ransom demand. The institution lent its technical expertise to help the SME neutralise the threat, thereby avoiding disruption to its own operations.

Effective back-ups, delegates agreed, are essential for mitigating the risk of ransomware. Other strategies discussed include ‘devaluing data’, through encryption, so that it is less tempting to criminals, and getting to know ransomware negotiators so they can be contacted when the need arises.

Content from our partners
How to turn the evidence hackers leave behind against them
Why food manufacturers must pursue greater visibility and agility
How to define an empowered chief data officer

Another is defining the minimum IT systems that an organisation would need to get back up and running if entirely disrupted by a ransomware attack, and maintaining it in ‘air-gapped’ infrastructure.

One delegate was clear in his mind what has caused the ongoing ransomware spree: Bitcoin. The cryptocurrency has given criminals an easy way to receive ransoms without being traced by law enforcement, he argued. “Stop Bitcoin, and you stop ransomware.”

Cybersecurity: the human aspect

The human dimensions of cybersecurity loomed large in the conversation.

The recent uptick in online fraud has required organisations to make sure their cybersecurity awareness training is up-to-date and effective. For a security executive from a manufacturing company, employee engagement with cybersecurity training improved when the company started to discuss it as a dimension of safety – a crucially important topic in the industry.

“You have to learn the dialect of cybersecurity” within each organisation, he advised.

It has been reported that burn-out is on the rise among cybersecurity professionals, perhaps due to their heightened awareness of ongoing risks. Delegates agreed that this is a danger, but that staff burn-out is a reflection of bad management. “No one person should feel the weight of cybersecurity risk on their shoulders,” said one.

The quality of management in the cybersecurity profession was laid bare in the pandemic, said another attendee. Remote working made clear who had the leadership skills to engage their teams from a distance, he said, and who did not.

Not all cybersecurity professionals should be required to enter management, however, and delegates praised employers that offer non-management career paths for technically proficient staff.

Poor management can also be seen in the so-called skills shortage that afflicts many employers seeking to fill cybersecurity roles, argued the CISO of an international company. There are plenty of candidates with the ability to learn and thrive in cybersecurity roles, she said, one just needs to be able to recognise them.

“I’ve never seen a skills shortage,” she concluded. “I’ve just seen people who don’t know how to hire.”

Read more: Employers are desperate for cybersecurity skills. Hiring practices are turning people away

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU