Transparency, clear communication key to gaining stakeholders' trust in cybersecurity: Veeam's CISO
New innovations and investments in cybersecurity and artificial intelligence (AI) are shaping the agenda for Chief Information Security Officers (CISOs). Gil Vega, CISO of the American data backup and protection company Veeam Software and a former cybersecurity leader in the US Department of Defense and Intelligence, says that no system is entirely immune to attack, so it is essential for security leaders to stay ahead of threats. In an exclusive interaction with TechCircle, he also sheds light on why cybersecurity strategies often fail and how companies can effectively tackle a ransomware attack head-on. Edited excerpts:
What are the biggest cybersecurity challenges enterprises face today?
Ransomware poses the greatest threat, attracting significant attention from governments and businesses globally. The financial impact of these attacks is severe, with recent trends including supply chain attacks, like Kaseya and SolarWinds, and triple extortion, where attackers encrypt, exfiltrate, and threaten to leak data. Ransomware-as-a-Service (RaaS) has also gained traction, enabling attackers to use pre-made malware for a fee. Other cybersecurity issues plaguing the enterprise, I feel, are the rise of generative AI (GenAI) as a mainstream capability, the ongoing shortage of security professionals compared to the demand, the constant increase in cloud usage that is changing digital ecosystems, and the growing regulatory requirements and government oversight of cybersecurity, privacy, and data localisation.
Why do many cybersecurity strategies fail despite substantial investments?
Organisations invest heavily in cybersecurity and are increasingly aware of threats, yet breaches still occur. This often results from misalignment between security teams and other C-suite members, causing cybersecurity to be overlooked. Successful implementation requires proper training in new tools and fostering a cybersecurity culture. A lack of education is a primary cause of cyber-attacks, as basic skills may not suffice in today's threat landscape. Smaller businesses, lacking expertise, should consider partnering with security service providers to bolster their defenses.
How should companies respond to ransomware and cybersecurity breaches?
Companies should avoid paying ransoms, as this does not guarantee file recovery and may increase future targeting. Infected systems should be isolated, and commercial decryption tools and anti-malware programs should be utilised to recover data and prevent further infections. Organisations must restore systems from clean offline backups and inform relevant parties about the breach. Long-term, they should develop robust backup, recovery, and data-resilience strategies.
How can companies leverage AI to enhance security measures?
AI can significantly boost productivity by automating manual processes. By using foundational AI models, security analysts can pose complex queries in plain language and receive actionable insights in real-time, reducing task completion times. However, the full potential of AI, particularly generative AI, for defensive purposes remains untapped. While AI can manipulate phishing schemes and deepfakes, it also automates threat responses, aiding security teams in reacting effectively. This dual-edged influence necessitates continuous innovation in defense strategies against sophisticated threats. As a CISO, I prioritise ensuring my team understands AI's implications for threat management, and executives must grasp both the benefits and risks of AI.
How do you maintain stakeholder trust in cybersecurity?
To build trust, we emphasise transparency and clear communication. We outline potential risks in simple terms, explain how our strategies mitigate them and justify security protocols based on risk assessments and industry standards. Keeping stakeholders informed about security projects fosters a sense of responsibility and confidence in our cybersecurity efforts.
What challenges have you faced as a CISO, and how did you overcome them?
The main challenges include keeping up with the evolving threat landscape, securing executive buy-in for necessary investments, and fostering a security-aware culture in organisations like the US Department of Defense and Veeam. Furthermore, CISOs are currently dealing with a more significant compliance hurdle due to the most recent regulations, which demand increased transparency and reporting from CISOs on security incidents and risk management. This is consuming more of security leaders' time, and we anticipate a rise in products tailored towards compliance, third-party risk management, and governance. It is important to focus on a forward-looking approach, build strong relationships with stakeholders, and emphasise that cybersecurity is a business risk that requires involvement from all stakeholders.