On the 24th of October, The British Chamber of Commerce co-hosted a very interesting event in collaboration with BritChaM Member BT and Checkpoint in the Four Seasons Hotel. The breakfast-conference featured Kate Kuehn, Head of Security at BT Americas, and Emmanuel Ruíz, Country Manager for Checkpoint Mexico, as panellists, addressing “Cyber Security Talks: The five stages of cybersecurity maturity”.
We are proud to inform members that this event was the first initiative of the new Digital Transformation Business Sector Group, presided over by Rafael Fernández, BT’s General Director for Mexico, Central America and the Caribbean.
Emilio Diaz, BritChaM President and EY Partner, welcomed attendees and introduced Rafael, who explained why companies need to address the digital transformation journey.
Kate Kuehn began her presentation stressing that we all have a false sense of security, starting with denials such as “that won’t happen to me”, “it only happens to the big corporations or companies”, “there’s no way
Rafael Fernández BT’s General Director for Mexico, Central America and the Caribbean.
we’ll have a breach”. The truth is no one is exempt from attacks.
Kate advised that we all should start tackling security by questioning: how do I get the basics right? Where do you have to start from? Are our employees aware? Do we test our policies? What impact do they have?
Cyber security in every company should be assessed as a journey. Kate recalled the breach that Sony experienced in 2009, and how BT took measures and became more cyber-aware, with the strategy being shaped as a journey. Current policies include every BT employee completing a first base level test to check their cyber security awareness.
Kate remarked that there is not one company or one solution that can protect you forever, it is sadly a never-ending journey to upgrade protection. We understand that there are many things happening, with the cloud and the digital world becoming incredibly influential parts of our lives - thus companies must create a culture of being not just reactive but also proactive.
The Cyber Security Journey is Denial->Worry->False Confidence->Hard Lessons->True Leader. Once you overcome the Denial step, analyse what the genuine risk is within your industry. It’s vital to have a critical focus on the right threats.
Also, Kate advised being very careful about merging new technology into existing infrastructure, think about how everything works together, consider a multi-layer solution, test it, utilise social engineering, get an access code, and most importantly test yourselves. When doing this you detect your weak points and your company will be able to stengthen them at the same time diminishing the false sense of security and confidence, where we can be vulnerable. Moreover, look beyond the walls, and be mindful of your company policies.
If any breach happens, fix it, but analyse it to the core, take time to understand what happened, why it happened and thus learn what you can do to prevent it from reoccurring. Communication is key to educate employees and engage them with your policy reviews. Companies’ leadership groups must understand the cyber security journey and that digital security is the future. All companies, regardless of size, should be completely aware and focus their security strategies towards digital security.
Kate briefed members on some important data and statistics from cyber security analysis, including the fact that there were 1000% more attacks in 2017 on corporations and governments than in 2016, and that worldwide spending in 2016 on cyber security reached US$83bn. She also noted that 97% of companies in 2016 were breached.
The importance of analysing if every employee understands the constant external threats to their company was highlighted. Do they understand how they impact cyber security? For instance, firewalls mean nothing if a password is leaked.
It is essential is to focus on the right areas of protection, not to simply just throw money at it without considering where you are vulnerable both individually and as a company. As a Security Leader, you must protect the right assets, go back to basics, test yourselves, and determine how you are changing the culture within the company.
Finally, Kate finished her engaging presentation with the following recommendations – 1) make sure you are aware of and understand your basic policies. 2) security can be fun.
Emmanuel Ruíz, addressed the worldwide cases of cyber-attacks that took have taken place over recent years in the likes of the USA, Russia, and Ukraine, as well as specific events such as Sony in 2009, the WannaCry incident, the Cayla doll, and the famous Pegasus who preyed on journalists. Attackers come from everywhere and they are after everybody.
Emmanuel pointed out that a security breach in an organisation on average takes up to 4.9 months to detect. Ideally, threats should be tackled, restrained and blocked before they enter the organisation.
Moreover, he advised that companies focus on having a consolidated system of ample scope, with business-relevant policies. The security strategies should be tailored to suit the industries’ risks and aimed at the company’s needs.
The security needs of a financial, retail or health company vary from each other. For example, in the financial industry focus on the fees and the disruption of the marketplace, as well as your clients’ data; in the health industry, mind the assets. Analyse where your threats are coming from, try to consider the future and focus there. With the rise of smart phones in the last decade, we must now be very mindful about our mobile phones, as they contain information about our entire lives.
Emmanuel stressed that you must be very aware of the threats surrounding your company, and establish a made-to-measure security strategy.
After Emmanuel’s presentation, the Q&A session took place amongst panellists and attendees.
The British Chamber of Commerce wishes to thank Kate Kuehn and Emmanuel Ruíz for their engaging presentations. Moreover, to BT and Checkpoint for their collaboration and most importantly the Digital Transformation BSG: we look forward to more insightful and excellent initiatives that will add value to membership and provide invaluable content to the BritChaM community.
Click here for the gallery