“Only a fool learns from their own mistakes, a wise man learns from the mistakes of others.”
– Otto von Bismarck
Executives overseeing Cyber Security, Network Operations and IT Operations across industries enjoyed an equally rich dinner and dialogue on 18 May, 2017, at Percy & Founder’s in London. The talks, on how incident response is best optimised through advances in automation, were presented by Marcus Chambers, CISO Advisory Senior Consultant; and Tom Burton, Cyber Security Director at KPMG UK, to a choice gathering of top industry professionals.
Chambers recounted the aforementioned quote to encapsulate how firms fail to act to improve their cyber security unless an incident happens to them. He warned that many organisations are not learning from the mistakes of others. Chambers also revealed the link between security and share price. He divulged the costs and benefits of personalising your enterprise’s incorporation of a “secure-enough solution.” Chambers explained the correlation between “the hack to the sack” [CEO/CISO and their team leaving a company after a breach].
Chambers encouraged enterprise advisors with a few tips:
- See the bigger picture for your organisation: Where it aims to be … and work backward in creating objectives
- Link security value to your company’s bottom line
- Be imaginative and make it relevant to that organisation
- As advisors, simplify your message to the organisation with details or illustrations related to “your defence of its defence”
- Demonstrate the value of security IR as a differentiator for accelerating delivery of KPIs: customer and share price increases, as well as a reduction in appointment waiting times
Burton gave a snapshot of what mature organisations are and aren’t focusing on:
- Not concerned about automation replacing human capital. Rather, “retaining the human insight and decision making where it is required and delivers value.” Burton affirmed that employing tailored, human-guided automation drives consistency and efficiency into Security Operations
- Making room for analysts to dedicate time to unknown threats posing the greatest risk to the enterprise by automating IR that is well understood and repetitive. This is paired with actions funnelling directly to responder groups, and with relevant information and decision support disseminated to the analyst for incidents that are known but more ambiguous
Attendees benefitted from insider Q&A sessions and networking.