Corporate CPR

Corporate CPR Episode 124: How Cybersecurity Could Kill Your Company

Jana Axline

On today’s episode we are talking about how cybersecurity could kill your company with Richard Hollis.

Richard Hollis is the Chief Executive Officer for Risk Crew Limited a unique London-based information security governance, risk, and compliance (GRC) management consulting firm specializing in providing creative, cost-effective, independent cyber risk management and security awareness training solutions.  Richard possesses over 25 years of “hands on” skills and experience in designing, implementing, managing, testing, and auditing enterprise level information security programs. Over the course of his career, Richard has served as Director of Security for Phillips, in Paris, France and Deputy Director of Security for the US Embassy Moscow Reconstruction Project as well as a variety of sensitive security positions within the US government and military.  In addition to his work with Risk Crew, Richard serves on several security technology company boards and security industry advisory councils.

Key Discussion Points:

Understanding Risk and Breach Capacity: It's crucial for executives to understand their organization's risk appetite and breach capacity. This involves knowing the extent of damage the company can handle in the event of a data breach, identifying and prioritizing threats through thorough risk assessments, and planning accordingly to manage potential cybersecurity threats effectively.

People-Centric Cybersecurity: Recognizing that employees can be the weakest link due to vulnerabilities like social engineering and phishing attacks is essential. Making data protection personal for employees by relating it to their own personal data can enhance their understanding of the importance of cybersecurity. Additionally, investing in education and awareness alongside robust security protocols can strengthen the human aspect of cybersecurity.

Proactive and Holistic Security Measures: Adopting a proactive approach to cybersecurity by thinking like a hacker, regularly assessing risks, and implementing strong security measures is vital. Companies should balance investments in people, processes, and technology to create an effective defense. A holistic approach that includes ongoing vigilance and readiness can help mitigate risks and address potential breaches before they become catastrophic.

Top 3 Takeaways for the Audience: 

  • Cybersecurity is an oxymoron. There's no such thing as a secure computer, so you need to understand your appetite for breach. Quantify that by conducting a risk assessment and cure what you can cure and take on what you can take on day to day like fire, life, safety.
  • There's no silver bullet for cybersecurity. The industry doesn't tell us that because the industry wants to sell us a cybersecurity product, but technically running a business today, you need to understand the impact of a cybersecurity breach on your systems, quantify that and document it so it is a real and talked about issue at the board level.
  • Please, always remember, cybersecurity is not about protecting ones and zeros. This is data that we need to protect because it's data about people's lives. If a customer gives you their data, the implied transaction is you'll protect it according to their understanding of privacy, not yours. We owe it to each other as a society to protect each other's data. 

How to Connect with Richard:

LinkedIn: https://www.linkedin.com/in/riskexpertrichardhollis/

Website: https://www.riskcrew.com/