Enforcing Information Security in the Age of Organized Cyber Threats

Nikk Gilbert, Chief Information Security Officer, Cherokee Nation Businesses

With 20 years of executive-level international experience in information technology roles, Nikk is a respected thought leader within the government and private sectors. Experienced in multiple verticals, including financial services, manufacturing, oil & energy, and government & military, he is focused on building success by understanding the needs of the customer, and by enabling the business through a deep understanding of the corporate strategy and its culture.

“Having a security team that is trained, committed, and responsible for the management and oversight of information security is crucial”

What, according to you, are some of the trends currently impacting the cybersecurity landscape?

In the last five to ten years, the threat level in the security arena has reached an extreme point. Earlier, hackers would commit less organized and simpler attacks, and now those attacks have become much more complicated. The escalating number of advanced cyber attacks from hackers and cybercriminals toward businesses is devastating in many ways and results in substantial capital losses. A recent example is 2017’s NotPetya ransomware attack that brought down the entire network of connected systems of global corporations such as shipping giant Maersk, pharmaceutical leader Merck, and FedEx’s TNT Express division in just seconds. While it can be hard to detect these evolving cyberattacks, by analyzing the threat trends, researchers and IT security teams alike can plan ahead using data collected from previous attacks and combine it with real-time activity to more accurately identify risks and raise the bar of detection and prevention.

Please elaborate on how the growing threat landscape is affecting the role of chief information security officers (CISOs) in enterprises today?

About 20 years ago, information security was really an additional duty. Sometimes the network manager or the system admin would be in charge of security. However, with time, this responsibility has evolved and changed hands from the network manager to the security manager, and today, the CISO is accountable for ensuring there is a complete enterprise-wide information security program in place.

That being said, one of the significant reasons why cybercrime is so widespread is due to the availability of heaps of unstructured data and the many firms that lack the maturity to manage this vast data effectively. Organized hackers spend considerable resources to breach the critical infrastructures of private companies, while budget constraints and security vulnerabilities make these firms defenseless against organized cyber-attacks. Numerous organizations today require executives who can demystify the information security realm and define its impact on their businesses. Senior executives are looking for professionals who can help resolve security vulnerabilities and pinpoint the targets of the hackers—whether it's customer data, production secrets, social media event, or details of mergers and acquisitions.

Having a security team that is trained, committed, and responsible for the management and oversight of information security is crucial. And, hiring an experienced CISO is one of the most important tasks to protect your business and critical data effectively.

How do you envision the future of the cybersecurity realm, and what are some of the significant measures enterprises need to take to stay ahead of hackers?

Taking a closer look across the business landscape, one can visibly see that less than 50 percent of the organizations today have efficient patching programs. Due to stringent budget constraints, many small and medium enterprises (SMEs) may face crunch time in deploying effective security systems in their environment, which will prompt hackers to escalate their advances and easily target such firms. Hence, it is crucial for every business to seriously think about securing their network to stop hackers from taking advantage of their unpatched systems. Innovation and growth need to be reconciled with risk and stability. More than ever, it is vital for business leaders to chart a course for their companies to capture emerging opportunities and rigorous resilience planning that matches up against the complex set of risks in the current global landscape.

What is the key piece of advice you would like to impart to fellow and aspiring information security professionals?

One of the most important things to keep in mind as a CISO is to be able to create a foundational information security program for a firm. From my industry experience, there are a few significant core competencies that must be effectively and successfully adopted before moving toward the information security realm. First and foremost, gain ardent support of the senior leadership because the secret to organizational success lies in continually making good decisions and implementing them quickly as a team. Secondly, devise a robust threat vulnerability management program to patch the existing systems. An unpatched system is like a gold mine for hackers; it requires no specific code and can be modified using any malware.

Furthermore, it is also imperative to create actionable security awareness training programs that can prevent users from clicking fake links or installing malicious software. Alongside, it is necessary to develop an efficient incident response plan to recover quickly and safely in case of cyberattacks, thereby preventing a prolonged service outage. Companies that hone the capability to respond to threats efficiently can stay prepared for an incident, follow the right response plan, and apply the proper processes and reviews around it.
