Istari

Can we stay ahead of cyber crime in a digital age?

This was the key question of this year’s Tortoise Cyber Summit. Hosted by Tortoise Media on the 30th of September, the summit convened an impressive line-up of speakers who shared their points of view on the increasingly complex world of cybercrime. 

 

Despite the variance in the experts’ backgrounds - private sector professionals, government officials, journalists and an ex-hacker turned analyst – two key topics emerged throughout the day: 

  1. The difficulty and expense of guarding against cyber criminals 
  2. The collective approach needed to stay ahead of the perpetrators  

 

The following is a snapshot of perspectives on the difficulty and expense of keeping ahead of cyber criminals... 

 

Richard Horne, Lead Cyber Security Partner at PwC, discussed the “mess” of IT estates and why organisations need to be more diligent in the way they build or maintain their IT: “The technology landscape is big, hard and expensive and investing money in that isn’t going to bring more revenue, so there’s less incentive to tidy up the past.” 

Joe Hubback, ISTARI Director of EMEA and Global Academy, discussed his “Market for Lemons” research, noting that “CISOs are under a huge amount of pressure to find a solution. People end up spending money without a real understanding of the risk-reduction they are achieving from a solution.”

Ciaran Martin, the founding Chief Executive of the National Cyber Security Centre, part of GCHQ, stated that solving chronic digital insecurity will require “a mixture of some clever policy making, some public resources, but mostly a well-functioning free, open market in cyber security and IT security in general”. 

 

...and the collective approach needed to stay ahead of the perpetrators. 

 

Nicole Perlrotha cybersecurity reporter for the New York Times, illustrated how missed defensive measures create a tremendous disadvantage: “Poor decisions by people enabled recent attacks. For example, Colonial Pipeline had an old employee account they never deactivated and didn’t have multi-factor authentication turned on for that account.” 

Rashmy Chatterjee, the CEO of ISTARI, described why board alignment and response team preparation is critical for a commercial enterprise to be resilient, given that a “slow speed of response will give an attacker more time” and advantage.

Dmitri Alperovitch, the chairman of the Silverado Policy Accelerator, thinks it’s “beyond finding technical solutions”. Though that’s a key part of the landscape, he wants governments to engage in policy and diplomacy to “lower the temperature”. 

Jen Easterly, the Director of the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) highlighted the fact that nobody is invulnerable to attacks and emphasised that “Cybersecurity is a team sport – and the private sector is absolutely one of our key partners in this space”. 

Eugene Kaspersky, CEO of internet security provider Kaspersky, encouraged different nations – despite their different borders and interests – to get back to speaking to one another about cybercrime, “In the cyber space, there are no borders. We are in the same space. To fight the bad guys, we need to talk to each other.”