CISO to play “Chief Brody” in Cyber Version of Jaws: 5 Predictions for 2017

The CISO is the equivalent of Chief Brody in the blockbuster movie, Jaws. That’s the opinion of Andrzej Kawalec, chief technologist of Enterprise Security Services, HPE. Speaking at HPE Discover yesterday, he gave his security predictions for 2017. His message was that Brody cannot be a solitary hero and that it will take the corporate effort of the entire board and organization to ward off increasingly pernicious and pervasive cyberattacks.

Kawalec recalled the iconic moment in Jaws when the shark surfaces at the shoreline. “It’s an iconic moment. We don’t know that an attack is about to take place: Jaws takes them by surprise. It’s exactly the situation the CISO and the rest of the team find themselves in when the world’s media is at the door, when innovative, brilliant, but bad, people are trying to hack us.”

The business and digital landscape of 2017 provides the perfect storm for the Jaws moment to happen. The EU's new General Data Protection Regulation (GDPR) makes it mandatory for corporations to declare breaches within 72 hours of occurrence. And key to formulating an effective defence against these attacks is understanding how personal identity meshes with all systems.

“Key to all change is our digital identity. It unlocks how we consume services, and a single ID cracked becomes a major point of vulnerability. The central point that’s relevant for boardrooms and classrooms: how does identity mesh in with concern? The single most effective way of hacking is using the human element. The human element, or interaction, is always the weakest link in technology chains,” explained the Enterprise Services security guru.

Kawalec outlined five disruptive trends for 2017:

1: Talent war: There is a talent war going on between the good guys and the dark side. There’s a dearth of talent and companies have to think now about how they are going to get talented professionals. Is their organization of a calibre that can attract top security talent? If the answer is no, then they will have to partner in new ways.

2: Scale of attack: The scale of attack is worrying and unprecedented. Hackers are using IoT and CCTV to launch attacks on huge online services, government platforms and many others. How can a single organization stand against that scale of attack?

3: Safety: In the future, it won’t just be our credit card details that are stolen. More critical connected appliances could be interfered with, such as a heart monitor or even the brakes on our connected car.

4: Politics: In 2016 there have been a lot of politically motivated attacks that have destabilized institutions, including the Olympics and the US elections. Organizations, CEOs and boards must think not just about their critical data assets, but also about the potentially embarrassing, such as the memo leaked at 11pm.

5: Extortion: Cybercriminals are almost going back to basics and we’re in a digital version of the Mafia days. The value is in the data. If hackers can break the person or the knowledge, if they can decrypt data and take it away from someone, then there’s a danger of blackmail and extortion. It creates huge power, and they can do it anonymously.

Waves of digitalization and regulation are coming together in 2017 and will coalesce to form a major new threat all around personal identity. Protecting our healthcare and personnel records will be paramount. “It’s about the people-centric stuff that’s not addressed adequately,” warned Kawalec. Enterprise Services is working with the World Economic Forum on the issue and is preparing a cornerstones approach with customers to promote cyber resilience.

Ultimately, in 2017, security is not only a question of digital transformation but is a structural issue that poses ethical questions for boards, too.

Author: Helen Beckett

Helen Beckett is the Community Manager of the Business Value Exchange. She has been a writer and editor for over 20 years and takes a particular interest in the challenges facing the CIO in today’s business climate.