At a time when organizations can be under cyberattack and not even know it, it is imperative for cybersecurity practitioners to find new ways to get ahead of cybercrime.
Ken Allan, cybersecurity leader at the consultancy Ernst & Young, recommends that security leaders focus on a three-pronged strategy: Activate, adapt and anticipate.
"In an environment where cybercrime is establishing itself as an industry and developing the capabilities necessary to make large entities victims of a data breach, it is important that security practitioners activate their response mechanism, adapt to the conditions with necessary training and anticipate a breach before it happens," Allan says.
Allan was a keynote speaker at RSA Conference Asia Pacific & Japan in Singapore. In this excerpt of a one-on-one conversation at the event, he urges CISOs to make security plans in advance to tackle unknown threats. To do this, he says they must set the right priorities.
"Cybersecurity leaders should start understanding the theme of business and start discussions around cybersecurity in the board room to establish the maturity of the organization and its culture," he points out.
In this interview with Information Security Media Group, Allan discusses how to plan for a breach attack amidst challenges. He also offers insights on:
- Addressing roadblocks and getting ahead;
- Building capabilities of the cybersecurity team and spotting the right resources;
- Setting the right priorities.
Allan is responsible for EY's client-facing cybersecurity strategy. His focus over the past three years has been to ensure the consultancy has a globally consistent leading capability in security transformation, cyber-threat management, identity and access management and data protection. Allan is a Certified Information Systems Auditor and a Certified Information Security Manager.