Cybersecurity risk management is becoming more critical than ever as industries adapt to an increasingly digital landscape.
The rapid growth of artificial intelligence, combined with complex cyber threats, is pushing companies to rethink their security strategies. As the role of the chief information security officer expands to include not only traditional information security, but also supply chain and data integrity, organizations are being forced to navigate new responsibilities and risks. These shifts are transforming how businesses protect themselves, emphasizing the need for resilience in the face of evolving digital threats.
Google Cloud’s Kevin Mandia talks to the CUBE about cybersecurity risk management.
“There’s a lot of companies that have said, ‘We need to make backups of our critical assets. We need to make sure our backups are secure,’” said Kevin Mandia (pictured), founder, former chief executive officer and strategic advisor at Google Cloud. “Almost none of them practiced a red lever event of let’s go through the drill of shutting down and redoing it … because it impacts business and or they may not have the time or resources to do it.”
Mandia spoke with theCUBE Research’s John Furrier and Savannah Peterson at mWISE 2024, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed how the evolving digital landscape has intensified the focus on cybersecurity, highlighting the expanding role of the CISO in managing risks related to AI, supply chain and data security, while emphasizing the importance of proactive strategies and resilience against emerging threats. (* Disclosure below.)
The expanding role of the CISO in cybersecurity risk management
A key takeaway is the evolving scope of the CISO, a role traditionally focused on information security but now expanding to encompass broader aspects such as supply chain and physical security. There is a growing need for CISOs to advocate for their place at the leadership table, with the responsibilities of their roles constantly changing, Mandia pointed out, which he referred to in his event keynote.
“I talked about the CISO role in that I believe the CISO role’s up for a change,” he said. “It’s more and more responsibilities … jump balls are existing in security. Like who’s going to do AI security? Who’s going to do the data security to see what’s going into the model? What’s coming out of the model? Who’s doing supply chain security? The CISO’s the new person on the block. And they’ve got to figure out what’s in my wheel house, what can I do?”
The evolving cybersecurity risk management landscape has also raised questions about how companies manage these expanding security responsibilities. Supply chain security is a growing concern as more businesses integrate technology into their operations, according to Mandia.
“I don’t think too many companies have centralized control. People are working in remote environments, they’re getting consumer subscriptions to artificial intelligence and they’re getting help drafting emails, getting help drafting speeches, getting help drafting code, it’s going to happen,” he said. “You’ve got to wonder what data is going in, figure out how your company’s going to use gen AI and those tools, figure out policies around that. It’s the same pattern of risk management that people had for years.”
Companies need to be prepared for when, not if, a cyber incident occurs, according to Mandia. While prevention is always ideal, resilience focuses on how quickly an organization can recover. Regular tabletop exercises, where companies simulate a breach to test their disaster recovery plans, are important, he added.
“The way I looked at it, first, the threat environment got us better at it,” Mandia said. “Ransomware resolved really about resilience. It was find your assets that matter, back them up and reduce the blast radius so that if somebody came in and they had valid access or valid credentials, they couldn’t just spray and pray to every machine and shut you down. People started segmenting; people started thinking about it. After a few years of ransomware, I’m actually getting the question about resilience less in the boardroom today.”
Stay tuned for the complete video interview, part of SiliconANGLE’s and theCUBE Research’s coverage of mWISE 2024.
(* Disclosure: Google Cloud Security sponsored this segment of theCUBE. Neither Google Cloud Security nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)