TopCyberNewsMAGAZINE, profile picture
Uploaded byTopCyberNewsMAGAZINE
16 views

Top Cyber News Magazine Christiane Wuillamie OBE

Christiane Wuillamie OBE, founder and CEO of Pyxis Culture Technologies, has been recognized as the Cyber Security Culture Advocacy Leader of the Year for 2021 for her efforts in promoting a strong cybersecurity culture within corporations. She emphasizes that cybersecurity is not just a technical issue but a comprehensive organizational challenge that requires involvement from all levels of a company, advocating for a cultural shift where accountability for cybersecurity is shared across all functions. Wuillamie highlights the need for effective leadership in fostering an environment where cybersecurity is prioritized, ultimately aiming to protect businesses and their stakeholders from escalating cyber threats.

Embed presentation

Download to read offline
1 MAGAZINE TOP CYBER NEWS Christiane WUILLAMIE OBE How the Officer of the Order of the British Empire for Business, Christiane WUILLAMIE OBE, Founder / CEO of PYXIS Culture Technologies Ltd, Leads Collaboration, Drives Standards and Values of Excellence, Creating Strong Cyber Security Culture REALM of CYBERSECURITY and CORPORATE CULTURE SEPTEMBER 2021 EDITION CYBERSECURITY CULTURE ADVOCACY LEADER OF THE YEAR 2021
a culture of Cybersecurity! TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 2 Create Set up your team FOR SUCCESS
TOP CYBER NEWS MAGAZINE –July 2021 - All rights reserved 3 FUTURE Architecting the Thomas Harrer Distinguished Engineer, Chief Technology Officer, Servers & Storage, IBM EMEA, Member of the IBM Academy of Technology, Member of the Technical Expert Council Central (TEC) TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved ibm.biz/virtualtechu2021
CYBER SECURITY CULTURE ADVOCACY LEADER OF THE YEAR 2021 Recognition Granted To ChristianeWuillamie OBE pecial recognition is given to Christiane Wuillamie OBE for advancing the understanding of cyber security culture and its importance in protecting businesses, customers, and employees. ecause Christiane has had a long career in IT from software programming, running Software companies and as a CIO in Financial Services. She has a deep understanding of the impact of Technology on business, people and processes. As an entrepreneur, CEO and Board Director, Christiane takes a strategic, pragmatic as well as hands-on approach, viewing cyber security as a business issue. She has advocated for a more professional and enterprise-wide approach to cyber safety where all functions take accountability for cyber security, not just the CISO. She has worked tirelessly to help business leaders identify and mitigate the hidden operational and cultural causal factors impacting cyber security. Christiane was also awarded the title of Officer of the Order of the British Empire for Business (OBE) by the Queen for her work with the UK Government to support Small and Medium Enterprises (SMEs). S B TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 4
About Christiane WUILLAMIE OBE Officer of the Order of the British Empire for Business (OBE), Christiane Wuillamie OBE started her technology career in 1980 after working for UNCHR setting up a resettlement camp for Vietnamese refugees. Christiane has done every job in IT from coding, to running a software house, to being CIO in Financial Services. A transformational leader, she built and operationalised a strong, high- performance culture in every role and every turnaround project. She leverages technology to solve business challenges through developing people and joined-up process that deliver a competitive advantage. Her cyber security and technology management skills make her a valued Board member and advisor on digital transformation. In the fast-changing cyber world, Christiane believes that only a strong culture of collaboration, transparency and responsible leadership can deliver safety and security for all. Besides being a Non-Executive Board member, Christiane is the co-founder of a technology firm, PYXIS Culture Technologies that is quantifying the linkage between corporate culture, leadership and business results and helping senior leaders understand how culture impacts cyber security, safety, conduct risk, innovation and customer satisfaction. “It’s time for the role of the CISO to change from information security to enterprise security.” Christiane WUILLAMIE OBE TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 5
The “Cyber Security Culture Advocacy Leader” spotlights exemplary advocates that help foster a strong cyber security culture and awareness, inspire, empower and educate corporate leaders that culture impacts cyber security and business performance. “Cyber security culture is the combination of organizational causal factors that interact to influence and sustain employee attitudes and actions towards cyber security issues. Change the causal factors and you can strengthen the culture.” ~ John R Childress ‘Culture 4.0’ Christiane Wuillamie OBE – A Cyber Warrior Integrating People, Processes and Technology. The brightest stars are those who shine for the benefit of others. Christiane WUILLAMIE OBE is one of those stars! ~Stéphane Nappo Christiane Wuillamie OBE has always been a disrupter for good! In the early 1990s her company rescued failing bank IT projects, at the same time developing the skills and capabilities of the bank’s IT staff and creating a high-performance culture. A growth rate of 100% year on year for 7 years is a testament to her vision and innovative approach. Christiane is a transformational leader who integrates people, processes, and technology to solve today’s biggest cyber security challenges. She sees good cyber security as a profit maximiser, but it is up to responsible leadership to drive security by design, collaboration, shared objectives, and a strong cyber security culture. According to Christiane, the world depends on technology 24 hours every day and successful businesses must build a strong cyber security culture to avoid costly system outages, paying ransom ware and avoid reputational damage. As Chief Executive Officer of PYXIS Culture Technologies Ltd, Christiane focuses on helping global organizations identify and mitigate hidden cyber security vulnerabilities. She believes that cyber security is not simply a technology issue, but also a business issue and every part of the company, and every individual, must be accountable to building a strong cyber safe organization. Ludmila Morozova-Buss, Founder. Editor-In- Chief @ Top Cyber News MAGAZINE & Doctoral Student at Capitol Technology University About ‘Cyber Security Culture Advocacy Leader’ of the Year Recognition TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 6
PYXIS Culture Technologies, Ltd is your business partner for cyber security. We differ from traditional consulting firms in two important areas. We combine over 40 years of experience in how culture impacts performance with deep operational experience in technology management, digital transformation, cyber security, and business turnarounds. At PYXIS Culture Technologies we have pioneered an ecosystem modelling approach for understanding, measuring, and managing cyber security risks to improve business performance. Using systems analytics and proprietary algorithms along with internal company data, we can identify and map the causal factors inside your organization that have a significant impact on cyber security and business performance. Find out more about PYXIS at www.pyxisculture.com. Or contact: info@pyxisculture.com PYXIS Culture Technologies, Ltd TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 7
When I first started working in technology over 30 years ago, our challenges mostly involved the implementation of different programming languages on different hardware running different operating systems. Fast forward to today, and technology, particularly digital and cyber, is rapidly changing and every organisation receives an increasing number of known and unknown cyber- attacks every day. Aside from the exponential growth of attacks aimed at company systems, we now face expanded attack surfaces as a result of personnel working from home, outsourcing of technology and multiple supply chains. Employees working from home are subjected to increasingly sophisticated phishing and malware attacks. ‘There must be no gap between cyber security at home and the office’ So, where to start? The first step is for the Board and senior leadership to understand that cyber security is a business responsibility and not just a technology issue; it is an individual, cultural and organizational issue. By identifying the causal factors that make up a cyber safe culture, leaders can identify hidden cyber risks and engage every function in building a cyber safe organization. Cyber Security is a Leadership Issue Author: Christiane WUILLAMIE OBE “The role of the Chief Information Security Officer (CISO) must evolve from building better firewalls to building cyber security culture where the entire enterprise, from the CEO to third-party vendors, has the knowledge and tools to keep themselves and the organisation safe.” ~ Christiane WUILLAMIE OBE TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 8
However, for this to be effective the CISO must fully engage with all stakeholders, from customers and employees to business lines, the supply chain, IT, Data Privacy, senior management, and the Board. The CISO must help Board members and senior leaders understand their cyber security value chain, so that together they can craft shared cyber objectives and encourage open communications and information sharing. The CISO’s success depends on the Executive and the Board’s active support on changing the culture of the organisation to where every individual becomes accountable for Cyber Security and leaders create a ‘No blame’ environment with collaboration across the enterprise. In this global technologically interconnected world where cyber criminals easily collaborate with each other for coordinated attacks, responsible leaders must drive collaboration within their own organisation as well as with peer companies, other industries, and Government agencies. ‘A culture of learning from attacks, as well as from the attacks on others, will help blunt the impact of cybercrime.’ Senior executives and the Board must lead by example and apply the same focus to Cyber Security as they do to revenue, profit, and share price. And the stakes are high. Each cyber breach brings the potential of heavy financial losses, and even loss of life. ‘A strong cyber security culture is first and foremost a leadership issue’ by Christiane Wuillamie OBE TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 9
A growing number of cybersecurity threats have companies and most CEOs on high alert. More sophisticated cyberattacks have been aimed at the data and assets of corporations, governments, school systems, utilities, and financial institutions. Cybercrime isn’t going away any time soon. Cyber security threats have ranked as the number one risk facing businesses and society, for cybercrime causes an immediate threat to the survival of individuals, businesses and global social institutions. Extraordinary coalescence of unprecedented social, technological and global health factors has opened the floodgates of cybercrime, with ransom demands, data theft, crippled hospitals, shut- down pipelines, and relentless attacks on networks and individuals. In the first half of 2020, data breaches exposed billions of records. What are these unprecedented causal factors? First, the global COVID pandemic moved many employees out of network secure offices and into their homes, using unsecured routers, personal devices and open networks. With this massive move to home working, the attack surface was greatly expanded, resulting in cyber criminals easily attacking individuals using sophisticated social engineering, emails, voice mails and extracting personal data and in many cases, money. In addition, rising IT costs from rapid digitalisation and cloud migration caused many companies to overuse Third-Party partners and external contractors to deliver critical technology and services. With large scale outsourcing, access management and security oversight are often weak or even perfunctory. The combination of hasty migration of systems to the cloud, coupled with existing legacy systems create an open environment to cyber criminals. In many companies, IT Management do not have the skills nor effective processes to manage complex environments of legacy systems and new technologies and applications. This lack of experienced and well-trained IT management, coupled with weak oversight and compliance, ineffective asset management, often means failure to implement critical software updates and patches in a timely manner, leaving the door open to cyber criminals. These complex environments also create a huge challenge to manage Identity and access management of systems resulting in complex passwords for users to remember and some reuse or share passwords. Strong Cyber Security Culture …Keeps Everyone Safe Author: Christiane WUILLAMIE OBE “Our society has become dependent on a utility that it doesn’t really understand.” ~ Dr. Mary Aiken, ‘The Cyber Effect’ TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 10
Another important risk factor is cybersecurity on-job training, which is often seen as a one- and-done activity, with many senior leaders and middle managers skipping the training all together. Add to this, the fact that most Boards and senior leaders have little real understanding of cyber security. Fewer than 24% of large corporations have adequate cyber expertise on their Board. In many companies, the hierarchical structure and fear of admitting mistakes means that what is reported to the Board and senior leaders is often a watered-down version of the company’s cyber vulnerabilities with out-of-date dashboards. Cyber training is not a one-size fits all. Employees with critical data access roles demand different training and oversight. Yet in many companies, cyber training is voluntary, not mandatory. “There is a growing recognition that technical cyber security measures do not exist in a vacuum and need to operate in harmony with people.” ~ The European Union Agency for Cybersecurity (ENISA) Cyber security is not just about technology, but is a combination of people, processes, and technology. As a result, the CISO, must fully engage with all stakeholders, from customers and employees to business lines, all functions, third-party partners, the supply chain, IT, Data Privacy, senior management, and the Board to knit together a strong cyber security ecosystem. It should be mandatory that all Board and senior managers had their personal digital environment secured by a company cyber expert, as well as personal training. That means going to their home and helping them understand the multiple vulnerabilities that exist and how cyber criminals are now targeting individual senior leaders. The cyber security ecosystem is not just the network, but everyone’s home environments as well. It helps to think of this ecosystem as the total cyber security culture, where people, processes and technology interact to determine how the organization defends, responds, and recovers from criminal cyberattacks, whether in the office, on the factory floor, in the warehouse or at home. Creating a Strong Cyber Security Culture “Cyber security culture is the combination of organizational causal factors that interact to influence and sustain employee attitudes and actions towards cyber security issues. Change the causal factors and you can strengthen the culture.” ~ John R Childress, author of Culture Rules It is now commonly understood that corporate culture drives performance, but what drives culture? And what are the specific drivers that create a strong cyber security culture? by Christiane Wuillamie OBE TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 11
For the past three years we have been working with companies to identify the most important causal factors of cyber security culture. In most companies, these are internal policies, processes, and management behaviours, such as: • Vision and Values • Senior Leadership • Middle Management and Supervision • Incident reporting processes • Cyber Training • Recognition and Reward programs • Peer Pressure • Supply Chain • Technology Using ecosystem modelling and internal company data, these drivers form a cyber security culture map showing which factors are enablers and which are cyber security risks, as well as how a strong cyber security culture can positively impact business results. by Christiane Wuillamie OBE TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 12 • Lessons Learned Processes • Internal Communications • Hiring Profiles • On-Boarding Process • Risk Auditing • Third-Party Partners • Employee Engagement • Manufacturing • Data Privacy and improvement programmes. For example, peer pressure and fear of speaking up play a much larger part in cyber security failures than most senior leaders realise. And “tone at the top” can be shown, with data in the culture map, to be a critical security enabler. ‘Also, third-party partners, supply chain and physical security have a major impact on cyber security yet are often big risks due to poor oversight and governance’ As the rate of cybercriminal activity continues to increase, Boards have no choice but to make cyber security a key strategic issue that deserves strong leadership, accountability from every function, every employee, and adequate funding. It is the responsibility of today’s CISO to step out of the technology shadows and lead the fight against cybercrime. Building a strong cyber security culture will help all functions and employees to accept accountability for a cyber safe organization. ‘Cyber security is everyone’s responsibility, and a strong cyber security culture helps protect employees, customers, and the company’ By understanding that cyber security is a dynamic combination of people, processes and technology, and using a visual map to identify the cyber security ecosystem, it is easy for the Board and senior leaders to focus on real time risks
In 2020, the global spend on cyber security was around $150 billion, and is expected to grow at 12-15% through 2025 1. With that amount of focus and money spent on cyber security protection, it would seem reasonable to assume that we are well protected from cybercrime. Wrong! In the first 6 months of 2021, companies paid out $1 trillion in ransomware extortion alone 2 and by 2025 the global cost of ransomware is expected to be $10.5 trillion 3. It’s not just large companies or global financial institutions that are impacted by cybercrime. Forty-three percent of cyberattacks are aimed at small businesses 4, most of whom have rudimentary cyber protection at best. To make things even worse, there is a growing trend of cyberattacks on hospitals and the healthcare industry, where a loss of access to network systems and data could result in loss of life. Okay, so more technology is not the solution to effective cyber protection. In fact, the more sophisticated our cyber security technology becomes, the more sophisticated cyber criminals become in their attack approaches. It’s an escalating war where companies are always playing catch up to the bad guys. Cyber “Whack-a-Mole”. How Corporate Culture Impacts Cyber Security Author: John R Childress “Threat is a mirror of security gaps. Cyber-threat is mainly a reflection of our weaknesses. An accurate vision of digital and behavioural gaps is crucial for a consistent cyber-resilience.” ~ Stephane Nappo TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 13
What can organizations do to protect themselves? It is well documented that corporate culture impacts company performance, either positively or negatively. A toxic culture was the culprit behind Wells Fargo employees opening over 1 million fraudulent bank accounts in order to meet management-mandated sales quotas 5. And the $ 25 billion diesel emissions fraud perpetrated by Volkswagen was the result of a top-down culture of hubris and arrogance in a rush to beat Toyota and become the largest global automobile company. 6 At the other end of the spectrum, a strong “Culture of LUV” 7 has allowed Southwest Airlines to deliver excellent customer satisfaction and post 44 straight years of profitability in a difficult industry. At PYXIS Culture Technologies, we view culture as the missing link in an effective cyber security strategy. A strong cyber security culture can be a highly effective and adaptable bulwark against the growing tsunami of cyberattacks. by John R Childress TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 14
What can organizations do to protect themselves? Cyber security culture is an interconnected ecosystem of organizational causal factors that influence employee actions and behaviors toward cyber security. Causal factors such as policies, training, onboarding, supervision, physical security protocols, third-party contractors, working from home protocols, password policies, shadow IT and a myriad of other factors interact together to create a work environment (cyber security culture) that either supports good cyber behavior among employees, or allows for cyber security shortcuts and other cyber risky behaviors. It is easy to see how a culture of fear of making a mistake or speaking up can negatively impact cyber security. This graphic shows how numerous interconnected causal factors impact employee behaviors and business results: TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 15 by John R Childress So, what is cyber security culture and how does it impact cyber security?
Building a Strong Enterprise Cyber Security Culture The first and most important step in building a strong cyber security culture is to identify the strengths and weaknesses of the many cyber security culture causal factors in your company. Using special ecosystem modelling software and culture analytics developed by PYXIS Culture Technologies, it is possible to use qualitative and quantitative company data and information, as well as a special cyber security culture audit, to build a map of your current cyber security culture. This mapping approach shows not only which causal factors are strengths, but also helps identify the hidden cyber security risks in your culture For example, here is a cyber security culture map, with key risks highlighted. Each of the drivers are color coded from Green to Red, indicating strengths and current risks. A score for each driver is determined from the qualitative and quantitative inputs to our algorithm, and an overall cyber effectiveness score is then created. This analysis also shows how cyber security culture impacts business metrics. In this example, there are several causal factors that need improvement. The map is also divided into what we term Primary Causal Factors and Enabling Factors. Using a scenario planning function built into the platform, we can also model the overall impact on cyber security by adjusting the scores of one or more causal factors. TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 16 by John R Childress
For example, research has shown that the actions and behaviors of senior leaders are a powerful factor in driving positive cyber security behaviors. Yet we have found that in most organizations there is little active promotion of cyber security during town hall meetings and staff meetings. As a result, employees receive little feedback or coaching for positive cyber security actions, allowing negative peer pressure and demanding project time schedules to drive cyber security shortcuts. IT management is another strong cyber security driver, especially when IT policies are difficult to implement, and the protocols of cyber hygiene are not rigorously implemented. In many companies IT budgets are under constant pressure to be reduced, which negatively impacts the ability of the company to improve their cyber safety since the budget for the Cyber Security function is often a part of the overall IT budget. Identifying Systemic Cyber Risk: To understand the impact of cyber risk, a customized systemic cyber security ecosystem map helps CISOs engage all functions in stepping up to their cyber accountability. Using this map, senior leaders can open productive conversations inside the organization on cyber risk mitigation, making cyber security everyone’s accountability. Board Commitment: All board members should have personal cyber security training, so they fully understand their role in overseeing and supporting cybersecurity. A home check of their technology environment should be part of each Board members education. Also, the Board cannot rely on having one member with cyber expertise as this lets others opt out of their important risk responsibilities. Responsible Leadership: The majority of Business Heads and Functional Leaders believe cyber security is primarily a technology issue. The CISO must proactively engage with business leaders and functional heads to help them understand how cyber threats increase business risks. The CISO should also help promote greater collaboration and information sharing between business lines and functions, with a set of shared objectives around enterprise cyber security. “If you don’t understand your culture, you don’t understand your business risks.” Since organizations are shadows of their leaders, it is imperative that the senior leaders not only actively support the cyber security function but also be visible with this support. Town hall meetings as well as internal communication should stress the importance of cyber security and everyone’s accountability in creating a cyber safe organization. • Risk Management: Regular tabletop exercises for the Board, executives and managers are important to build rapid response and recovery for a cyber incident. It is up to the CISO and the cyber team to create and facilitate these important cyber security exercises, and to ensure they are mandatory on a regular basis TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 17 by John R Childress
• Design for Security: When products connect to the internet and company networks, they dramatically increase vulnerability. Design for Security must become standard practice for EVERY new digitally enabled product and service. • Internal Communications: In many organizations, poor cross-functional communications and lack of cooperation creates unnecessary cyber vulnerabilities and slow recovery efforts. The CISO needs to support the internal communications function to develop timely cyber security communications, including news about recent incidents. • Secure Your Supply Chain. Many successful cyber breaches and ransom attacks enter a company through supply chain partners. In most cases these relationships are overseen by IT, legal and logistics, but must include the cyber security function. The CISO needs to work closely to help the enterprise secure their supply chain partners since the CISO is responsible for cyber risk • Employee Care and Training: During the global COVID pandemic, working from home and hybrid working schedules have dramatically increased the cyberattack surface, since many home environments are unsecure. The CISO needs to lead the company in policies, practices and training to make certain that everyone, from the Board to the new joiner have their personal home environments fully secured. • Link Cyber Security to Business Priorities: The CISO must understand the company’s business priorities, how they are impacted by cyber security and develop his cyber strategy in conjunction with business priorities. What Does Your Cyber Security Culture Look Like? Where are the Hidden Risks? John R Childress is a pioneer in the field of leadership and corporate culture, advising CEOs and senior teams on the impact of company culture on business performance for almost 40 years. Born in the Cascade Mountains of Oregon, he lived in Carmel Highlands, California during most of his early business career, before moving to London, England in 1996. John is a Phi Beta Kappa scholar with a BA degree (Magna cum Laude) from the University of California, a Masters Degree from Harvard University and was a PhD candidate at the University of Hawaii before deciding on a career as a business entrepreneur in the mid-70s. In 1968-69 he attended the American University of Beirut and it was there that his interest in cultures, leadership and group dynamics began to take shape. After graduating from Harvard with a master’s degree, he co-founded the first management consulting firm focusing on helping senior leadership teams reshape culture for competitive advantage and as President and CEO grew it into an international company. One of his first culture change projects was at the Three Mile Island Nuclear Plant following the catastrophic accident in 1979. John worked with the management team to build a safety culture that produced records in safety and power production for the next 38 years. John has written four business books that help senior leaders understand the importance of culture in business performance and the role of the leadership team in effective strategy execution. Currently John is Chairman of PYXIS Culture Technologies, which has developed a visual ecosystem mapping software platform to help business leaders identify hidden risks inside the organization that impact cyber security, safety, conduct risk, innovation, and customer satisfaction. Mr. Childress is a trustee for Young Virtuosi, a foundation supporting talented young musicians, an Associate Partner with The Palladium Group, and a Senior Executive Advisor to Korn Ferry. John is also a Visiting Professor at IE Business School in Madrid. John is also developing a business and ecosystem approach to implementing the 17 United Nations Sustainable Development Goals. TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 18
The ABCs of Cyber Security Culture Author: Victor L. Malloy “Vic” “More than the ABCs of Cybersecurity Culture, My DREAM is for a unified CYBER SOCIETY. It is my hope that the ABCs for Cybersecurity Culture will spark conversations.” - Victor L. Malloy “Vic”, a Native New Yorker and a PROUD TEXAN by Choice! As a retired military officer and cyber security professional, it is clear that culture is more than just vision, values and employee engagement. Like an effective military operation involving many functions and skills, there are many elements inside a company that impact cyber security. These elements create an interconnected ecosystem we call the cyber security culture. If all the elements are in alignment with the company’s specific cyber security requirements and work together in an integrated fashion, it is possible to build and sustain a cyber safe culture that helps mitigate attacks and responds quickly to incidents. Corporate culture is often defined as the “habitual way of behaving within a company”. Cyber security culture then describes the way employees at all levels behave in relation to cyber events. But what are the key foundational elements of a cyber safe culture? I offer the ABCs of Culture in Cyber Security to help business leaders and cyber security professionals build a strong and fit for purpose cyber safe organization. Let us begin with A for AWARENESS. The start of any journey of improvement is having what we in the military call “situational awareness”. Being aware that the environment may contain threats, and determining which threats are most pressing is the foundation for situational awareness. As a retired military cyber security officer, I am aware of the dangers for not keeping devices updated with the latest version. Are your co-workers aware of the updates that have been released by manufacturers for their personal devices? If they are aware of the updates, have they completed the actions? As a cyber security professional, it is important to understand the level of cyber awareness of employees and their understanding of threats and consequences. Has your organization done enough to create a high level of cyber awareness in the Board Room, among the C-suite, at all employee levels, even being aware of the dangers of working from home? Raising the organizational awareness of cyber threats requires an ongoing conversation at all levels, since cyber awareness is developed over time, and must continue since the nature of threats is always changing. Second, B is for BELIEF. Cyber security culture is an organized approach to protect people, processes, data, and technology. However, good practices, policies and processes only work if people believe in them. And that belief comes from having policies that are easy to implement, rather than cumbersome and take time away from normal work duties. Belief also grows about the importance of cyber security when senior leaders, managers and supervisors are role models of good cyber safe practices. Senior leaders who bypass access protocols for the sake of expediency quickly sow doubt in employees about the importance of cyber security policies. Cyber security is a responsibility that must be demonstrated, not just talked about or mandated by leaders. An effective cyber security culture also instills a strong belief of vigilance in all employees when it comes to their actions in cyberspace and on the internal company network. We must instill a belief that cyber threats are real, ongoing, deceitful, harmful and must be always guarded against. When this belief drives habitual cyber safe behaviors, you are well on our way to a cyber safe organization. TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 19
Finally, C is for CHARACTER. Character is defined as the mental and moral qualities distinctive to an individual. Corporate culture has often been referred to as the character of an organization. It is imperative for cyber security professionals to establish and codify the attitudinal and behavioral qualities required from all employees to create a cyber safe organization. In many organizations these character elements combine to create what I call Digital Citizens, individuals who are AWARE of cyber threats, and BELIEVE in their own responsibility and accountability to remain cyber safe, at work and home. One of the key character elements of a cyber safe organization is openness and collaboration. That is, any suspected cyber concern is immediately shared with colleagues and management. And inside the organization is the practice of openly and regularly communicating actual threat events to all employees. If everyone is informed of an incident in one area or department, they will naturally become more vigilant themselves. And a strong cyber security culture also shares incident and threat intelligence with their peer companies which helps them protect each other. Cyber criminals use the same attack methods against companies in the same industry, so collaboration and information sharing is critical. To summarize, A – AWARENESS – Awaken from the slumber that you could be tricked into falling victim to some malicious software or social engineering scheme that is targeting you or your organization. B – BELIEF – Be responsible for your behavior in that you can take proactive measures to protect your personal information and the data that is entrusted to you by others in business and personal relationships C – CHARACTER – Create a unique trusted quality based upon individual and collective experiences to collaborate in creating positive cybersecurity culture for everyone. More than the ABCs of Cybersecurity Culture, My DREAM is for a unified CYBER SOCIETY. It is my hope that the ABCs for Cybersecurity Culture will spark conversations. It is my desire that these thoughts will promote more collaboration. In the final outcome, collaboration will produce a unified CYBER SOCIETY forged to help protect all organizations, nations and citizens from the debilitating impact of cybercrime. Victor L. Malloy “Vic”, Lieutenant Colonel, United States Air Force retired, is an internationally recognized cybersecurity ambassador. As the principal of Malloy & Malloy Consulting, he collaborates with business, government, academia on information security, risk management and organizational leadership. He is currently serving with the Small Business Development Center located at the University of Texas at San Antonio, where he leads the Texas Cybersecurity Compliance Program. He served over 20 years in the United States Air Force as a highly effective leader with many tours of duty that formed the foundation of cybersecurity and information operations that are conducted today. His noteworthy record includes chief information officer for National Security Agency/Central Security Service in Texas while in command of squadron personnel enabling mission support services for regional operations. Vic Malloy had senior leadership responsibilities in Air Forces Cyber Operations Center overseeing the global coordination, integration and execution of full-spectrum operations to defend the nation. His joint service included assignments with United States Strategic Command, United States Transportation Command, and United States Cyber Command. Upon his retirement, he has executed business operation within the financial services industry in cybersecurity operations to include identity and access management, security awareness and training and risk management. In addition, Vic Malloy served as senior client relations executive for a Contractor delivering Department of Defense with sensitive cybersecurity emerging technologies. Vic Malloy was previously, the general manager for the CyberTexas Foundation, a non-profit cybersecurity education information sharing and analysis organization. He led all aspects of strategy, business development and program execution to advance pathways for the next generation of leaders in cybersecurity. Recently, Victor “Vic” Malloy was recognized by the TOP CYBER NEWS Magazine as “who’s who in 2021” for his leadership, contribution and service within the cybersecurity ecosystems. Vic earned his Bachelor’s degree from the University of North Texas and Master’s degree from Webster’s University. TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 20
“We, in security, should not promote fear – but protect hope”. ~ Troels Oerting, Expert Member of Interpols Global Cybercrime Expert Group, INTERPOL The Modern CISO Defender Of The Crown Jewels Of Your Business To be cybersafe, businesses must make cyber security a business issue. Author: Aloysius CHEANG Cybersecurity is not a new skill set. It is an important subset of overall enterprise and personal security. Security is both common sense, and a habit for successful individuals and organizations. For example, remembering to lock the doors and windows of your house when you sleep or are heading out. It’s common sense not share your home keys with a stranger. Or for that matter, when you buy a new house, to change the locks for your own security. And not a cheap lock either. Today, people practice these security habits naturally. And in social behaviour most people are careful not to spread rumours, allegations or false information when interacting with others in business and personal settings. However, these security and common sense practices are not universally applied in cyberspace. In cyberspace people a much more unconscious of security and safety consequences. For example, to use an easy to remember password such as “1234567” or “password1”, that they write down on a Post-it note and leave out in the open for all the see. Or to share on Facebook, Instagram and other social media outlets outrageous photos or contestable opinions. It never occurs to many people that information such as birthday, mother’s maiden name, or their mobile number constitutes PII (personal identifiable information) that most banks routinely use to authenticate you over the phone. A definite security risk if this information falls into the wrong hands. While many people are unaware of the risks of such behaviour, many companies are unaware of the hidden cyber security risks inside their organization. The modern CISO understands these risks, yet until recently, the role of the CISO has been relegated to a subset of the technology function and rarely has cyber security been part of the business strategy or culture. ‘Simply put, cybersecurity professionals are seen as outcasts by business line leaders, and even the technology and risk functions’ In most organizations, the role of head of cyber security has been filled with either former IT professionals, or former military security specialists. They are technical and security experts, but not business experts. They see their role as technical, whereas the real need is for cyber security to become an important business issue so that all employees feel accountable for company and personal cyber safety. For the modern CISO, security-by-design is a business issue and a key part of how to keep the company safe. However, when the CISO talks about security-by- design and other important business security issues, they are often seen as arrogant and condescending. They are also branded as the “Bad Guys” who must be the gatekeeper within the company, to oversee security checks for all IT projects. Which naturally means the cyber security function will never win a popularity contest and is often left out of important product development planning until the very end. TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 21
“As organizations reassess their purpose, they are turning to technology to drive the changes they need to make. Yet this technology must be managed correctly if it is to deliver the benefits that stakeholders expect. By adhering to the principles of Tech for Life, those who create and use technology can ensure it continues to be a force for good.” ~ ‘Tech for Life’ by Jim HAGEMANN SNABE, Chairman at Siemens and A. P. Moller Maersk For the CISO, as the defender of the crown jewels of the business, one significant breach is enough to warrant potential dismissal. In the language of soccer, you can go from hero to zero in just 1 min when cyber criminals manage to ‘score a goal against you’, while few give credit for the fact that your cyber team rebuffed multiple hack attempts for over 89 minutes. Cyber security is definitely undervalued. But things are changing. Recently, due to the large increase in cyber attacks globally, cybersecurity is beginning to take centre stage. And it comes as a key part of the new era, the digital era. In the 4th industrial revolution, we are seeing people talking and accepting the notion of a “digital economy” and the need to undergo a digital transformation. This is so true under the Covid-19 pandemic where if organisations do not change the way they operate, they may not survive. Take for example shopping malls. Shopping malls are finding it hard to survive with restrictions on personal gatherings due to Covid-19. On the other hand, e-commerce or online malls such as Alibaba’s T-Mall or Amazon have a thriving business model! Not to mention the Deliveroos and Deliver Heros of the world that send food to your home as restaurants are either ordered to close to customers or operating at a capacity that is not revenue viable. As there is a quantum shift in business and individual behaviour towards online commerce, suddenly it dawned on many that there will also be security and privacy concerns online. For example, when using online commerce sites, making sure that personal and financial information are not shared, leaked or stolen. People expect their online experiences to be safe and secure. And this is helped by the cloud revolution, where for once it is very clear that IT today is already a utility, just like electricity and water. And just as you expect your electricity to be green and water to be potable, people have the expectation that cloud services are secure. True, it is still far from seeing the CISO taking over the CEO position in any traditional business. More recently however we are beginning to see a few CISO’s as part of a company’s executive management team with a direct reporting line to the CEO. Even more frequently we are seeing companies valuing and elevating cyber security and giving the CISO more access to business leaders. Some even appoint cybersecurity professionals onto their board to better address cyber risk issues. The implementation of GDPR in Europe and the appointment of a Data Protection Officer (DPO) has driven the recruitment of professional CISOs to support efforts to build security controls into privacy policies and internal controls. However, to be effective the modern CISO must be able to communicate to the Board and senior management in business language. To speak the business language that everyone can understands, and not in terms of their firewall rules or security penetration testing lingo. The crux to build trust with business and the board. We are in a new era today where cybercrime is exploding. The modern CISO must become not only as the “cyber sheriff” bringing law and order into the company’s cyberspace, but also be an “Ambassador of Cyber Safety” through an understanding and development of the internal cyber security digital eco-system. The modern CISO is the architect of an open and transparent communication and collaboration model that protects the company, customers and employees. “That new world order is now, and cybersecurity is moving from the back- room to the frontline and the boardroom. Will business leaders grasp this opportunity and make the best out of it?” TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 22 by Aloysius CHEANG
Aloysius Cheang is a globally recognised cybersecurity expert, a senior corporate executive with extensive experience running global businesses. Mr. Cheang has worked on many security engagements with varying degree of technical challenges in his entire career. He has managed large multi-cultural, multi-disciplinary teams spread across 5 continents and 4 major time zones, many a time building up the business or team from scratch. Aloysius is currently the Chief Security Officer for Huawei UAE based out of Dubai. Additionally, he is a Board member with the largest global professional cybersecurity association, (ISC)² in the US and also on the Board of the UK-based cyber leadership think tank, CSCIS. He is also a member and a registered corporate director with NACD (National Association of Corporate Directors) in the US. Previously, Aloysius was a co-founder of Cloud Security Alliance APAC, running it as its managing director for 7 years and was instrumental for its global expansion. Prior to the CSA, Aloysius was a Worldwide Head for Security for a global telco, a Practice Leader with a global management consulting firm, having started his career as as technical staff member with Singapore's DSO National Laboratories. A firm believer of giving back to the community, Aloysius was instrumental in establishing AISP in Singapore, sister organisation to IISP in UK, where he was ProTem Chairman from 2006-2007, and chaired its predecessor, SIG^2 from 2002 to 2006. He was also an active participation in International Standardisation efforts, having co-edited the first version of ISO/IEC 27032 "Guidelines for Cybersecurity" and was a contributor to SS507 “Business Continuity/Disaster Recovery Industry Standard” that was adopted as ISO/IEC 24762. Aloysius holds B.Sc (Hons) & Masters in Computer Science. His professional certifications include CISA, CISSP & GCIH. Aloysius’s views are valued by major media globally such as BBC, Times, Wall Street Journal, ZDNet, CIO-Asia, IDC, BankInfoSecurity, Xinhua News, Phoenix News, CCTV, The Hindu Times, China Times, SCMP, Bangkok Post, Zaobao, The Straits Times, CNA, Gulf Business, Zaywa, Al Bawaba & Eye of Riyadh. TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 23
24 24 Editor TOP CYBER NEWS MAGAZINE and RAISE THE CYBERSECURITY CURTAIN! Ludmila Morozova-Buss Cybersecurity Woman of the Year 2020 (Influencer) TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 24
MAGAZINE TOP CYBER NEWS SEPTEMBER 2021 EDITION We communicate Technology, Innovation, and Cybersecurity TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 25
TOP CYBER NEWS MAGAZINE –July 2021 - All rights reserved 26 TOP CYBER NEWS SEPTEMBER 2021 EDITION MAGAZINE IBM Servers & Storage TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 26

More Related Content

PPTX
Stephane Nappo. Top Cyber News MAGAZINE January 2023
byDr. Ludmila Morozova-Buss
 
PDF
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
byStéphane Nappo
 
PDF
Priyanka Sunder for Top Cyber News MAGAZINE October 2024.pdf
byDr. Ludmila Morozova-Buss
 
PDF
Guillaume Collard and Patrice Chelim for September 2024 Top Cyber News MAGAZINE
byDr. Ludmila Morozova-Buss
 
PDF
The 10 Most Influential People in Cyber Security, 2023.pdf
byCIO Look Magazine
 
PDF
The Most Trusted Cybersecurity Leaders to Follow, 2024.pdf
byTHECIOWORLD
 
PDF
Raise The Cybersecurity Curtain! Be The Voice!
byDr. Ludmila Morozova-Buss
 
PDF
Top 10 Cybersecurity Leaders Shaping the Future of Digital Safety, 2025
byCIO Business World
 
Stephane Nappo. Top Cyber News MAGAZINE January 2023
byDr. Ludmila Morozova-Buss
 
Stephane Nappo. January 2023. Top Cyber News MAGAZINE.pdf
byStéphane Nappo
 
Priyanka Sunder for Top Cyber News MAGAZINE October 2024.pdf
byDr. Ludmila Morozova-Buss
 
Guillaume Collard and Patrice Chelim for September 2024 Top Cyber News MAGAZINE
byDr. Ludmila Morozova-Buss
 
The 10 Most Influential People in Cyber Security, 2023.pdf
byCIO Look Magazine
 
The Most Trusted Cybersecurity Leaders to Follow, 2024.pdf
byTHECIOWORLD
 
Raise The Cybersecurity Curtain! Be The Voice!
byDr. Ludmila Morozova-Buss
 
Top 10 Cybersecurity Leaders Shaping the Future of Digital Safety, 2025
byCIO Business World
 

Similar to Top Cyber News Magazine Christiane Wuillamie OBE

PDF
The 10 Most Iconic Leaders in Enterprise Security.pdf
byCIO Look Magazine
 
PDF
CC_Futureinc_Cyber Security
byAlistair Blake
 
PDF
Top 10 Cybersecurity Women Leaders Shaping the Future of Digital Safety,2025
byCIO Business World
 
PPTX
Matt_Cyber Security Core Deck September 2016.pptx
byNakhoudah
 
PDF
The 10 Most Influential People In Cyber Security, 2024 (2).pdf
byCIO Look Magazine
 
PDF
The 10 Most Eminent Women Leaders in Security October 2021
byCIO Look Magazine
 
PDF
October 2025 Dr. Bhavana Chibber - India - for Top Cyber News MAGAZINE
byDr. Ludmila Morozova-Buss
 
PDF
CSWY2023! Cybersecurity Woman of the Year. Top Cyber News MAGAZINE
byDr. Ludmila Morozova-Buss
 
PDF
10 Most Influential Leaders in Cybersecurity, 2022.pdf
byCIO Look Magazine
 
PDF
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
byTopCyberNewsMAGAZINE
 
PDF
40 under 40 in Cybersecurity year 2022.pdf
byDr. Ludmila Morozova-Buss
 
PDF
40 under 40 in cybersecurity. top cyber news magazine
byBradford Sims
 
PDF
4th Digital Finance Forum, Simon Brady
byStarttech Ventures
 
PDF
Cyber security investments 2021
byManagement Events
 
PDF
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
byInsightsSuccess4
 
PDF
Joe Shenouda for Top Cyber News MAGAZINE April 2025
byDr. Ludmila Morozova-Buss
 
PDF
The 10 Most Influential Women In Cyber Security,2023.pdf
byCIO Look Magazine
 
PDF
Most Expert Security Leaders Creating a Global Impact, 2025
byCIO Business World
 
PDF
apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...
byapidays
 
PDF
The Most Impactful Women in Cybersecurity For 2024.pdf
bythesiliconleaders
 
The 10 Most Iconic Leaders in Enterprise Security.pdf
byCIO Look Magazine
 
CC_Futureinc_Cyber Security
byAlistair Blake
 
Top 10 Cybersecurity Women Leaders Shaping the Future of Digital Safety,2025
byCIO Business World
 
Matt_Cyber Security Core Deck September 2016.pptx
byNakhoudah
 
The 10 Most Influential People In Cyber Security, 2024 (2).pdf
byCIO Look Magazine
 
The 10 Most Eminent Women Leaders in Security October 2021
byCIO Look Magazine
 
October 2025 Dr. Bhavana Chibber - India - for Top Cyber News MAGAZINE
byDr. Ludmila Morozova-Buss
 
CSWY2023! Cybersecurity Woman of the Year. Top Cyber News MAGAZINE
byDr. Ludmila Morozova-Buss
 
10 Most Influential Leaders in Cybersecurity, 2022.pdf
byCIO Look Magazine
 
40 under 40 in Cybersecurity 2022. Top Cyber News MAGAZINE
byTopCyberNewsMAGAZINE
 
40 under 40 in Cybersecurity year 2022.pdf
byDr. Ludmila Morozova-Buss
 
40 under 40 in cybersecurity. top cyber news magazine
byBradford Sims
 
4th Digital Finance Forum, Simon Brady
byStarttech Ventures
 
Cyber security investments 2021
byManagement Events
 
The Most Influential Women Breaking Barriers In Cybersecurity For 2024.pdf
byInsightsSuccess4
 
Joe Shenouda for Top Cyber News MAGAZINE April 2025
byDr. Ludmila Morozova-Buss
 
The 10 Most Influential Women In Cyber Security,2023.pdf
byCIO Look Magazine
 
Most Expert Security Leaders Creating a Global Impact, 2025
byCIO Business World
 
apidays Singapore 2023 - Securing and protecting our digital way of life, Ver...
byapidays
 
The Most Impactful Women in Cybersecurity For 2024.pdf
bythesiliconleaders
 

More from TopCyberNewsMAGAZINE

PDF
Top Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdf
byTopCyberNewsMAGAZINE
 
PDF
Top Cyber News MAGAZINE. Troels Oerting
byTopCyberNewsMAGAZINE
 
PDF
Top Cyber News Magazine. Margo Koniuszewski
byTopCyberNewsMAGAZINE
 
PDF
Top Cyber News MAGAZINE. Dr. Bradford L. Sims. Capitol Technology University
byTopCyberNewsMAGAZINE
 
PDF
Thomas Harrer Top Cyber News Magazine
byTopCyberNewsMAGAZINE
 
PDF
Top Cyber News Magazine Daniel Ehrenreich
byTopCyberNewsMAGAZINE
 
PDF
Top Cyber News Magazine. Stewart Skomra
byTopCyberNewsMAGAZINE
 
PDF
Top Cyber News Magazine. Carmen Marsh
byTopCyberNewsMAGAZINE
 
Top Cyber News MAGAZINE February 2022 Chuck D Brooks. Highest Resolution.pdf
byTopCyberNewsMAGAZINE
 
Top Cyber News MAGAZINE. Troels Oerting
byTopCyberNewsMAGAZINE
 
Top Cyber News Magazine. Margo Koniuszewski
byTopCyberNewsMAGAZINE
 
Top Cyber News MAGAZINE. Dr. Bradford L. Sims. Capitol Technology University
byTopCyberNewsMAGAZINE
 
Thomas Harrer Top Cyber News Magazine
byTopCyberNewsMAGAZINE
 
Top Cyber News Magazine Daniel Ehrenreich
byTopCyberNewsMAGAZINE
 
Top Cyber News Magazine. Stewart Skomra
byTopCyberNewsMAGAZINE
 
Top Cyber News Magazine. Carmen Marsh
byTopCyberNewsMAGAZINE
 

Recently uploaded

PPTX
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
PPTX
Cybersecurity Basics: Understanding Threats, Protection Methods, and Safe Dig...
byDhruvManiar3
 
PDF
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
PDF
250 Prompts - ChatGPT acting as your Assistant
byMihir Nagarkar
 
PDF
Artificial Intelligence(AI) full Book.pdf
bydeyanimesh299
 
PDF
Artificial Intelligence and Barbarism - Conceptual Map
byalfadix
 
PDF
Video Infrastructure_ Streaming Architecture and Delivery Systems.pdf
byTenbyte Limited
 
PDF
IAC 500 Sensor - Humidity Measurement Device
byCS Instruments
 
PDF
Groq Series A Investment Memo - Chamath Palihapitiya
byRazin Mustafiz
 
PDF
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
PPTX
Search Engine Responses to Conspiratorial Search Practices AANZCA 2025 Presen...
bykkasianenko
 
PDF
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
PPTX
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
PPT
Information and Communication Technologies and Power
byJeffrey Hart
 
PPTX
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
PPTX
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 
PDF
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
PDF
Navigating the Spectrum of Advanced AI – Agentic, Autonomous, and Autopoietic...
byScott M. Graffius
 
PPTX
Cyber Security Overview-breif note .pptx
byxbitindiacom
 
PDF
Small Business Automation: A Comprehensive Cost and ROI Guide
byAmelia Swank
 
AI Bot Traffic Surge: Retail Fraud Threat for Age-Restricted Websites
byFTx Identity
 
Cybersecurity Basics: Understanding Threats, Protection Methods, and Safe Dig...
byDhruvManiar3
 
A Brief Introduction About Christopher Elwell Woburn
byChristopher Elwell Woburn
 
250 Prompts - ChatGPT acting as your Assistant
byMihir Nagarkar
 
Artificial Intelligence(AI) full Book.pdf
bydeyanimesh299
 
Artificial Intelligence and Barbarism - Conceptual Map
byalfadix
 
Video Infrastructure_ Streaming Architecture and Delivery Systems.pdf
byTenbyte Limited
 
IAC 500 Sensor - Humidity Measurement Device
byCS Instruments
 
Groq Series A Investment Memo - Chamath Palihapitiya
byRazin Mustafiz
 
Ai In Courts Ai in courts AI in court AI in court
byZainKarim7
 
Search Engine Responses to Conspiratorial Search Practices AANZCA 2025 Presen...
bykkasianenko
 
“Lessons from Yesterday's Tomorrowland” by Scott M. Graffius
byScott M. Graffius
 
Spacecraft Guidance Quick Research Guide by Arthur Morgan
byArthur Morgan
 
Information and Communication Technologies and Power
byJeffrey Hart
 
Large Language Model. LLM Audit Artificial Intelligence
byMANASCHOUDHARY22
 
Cesium formate brine - A brief history - prepared by John Downs in May 2011
byJohn Downs
 
The map to conquer linear algebra for IT engineer
byakipii ogaoga
 
Navigating the Spectrum of Advanced AI – Agentic, Autonomous, and Autopoietic...
byScott M. Graffius
 
Cyber Security Overview-breif note .pptx
byxbitindiacom
 
Small Business Automation: A Comprehensive Cost and ROI Guide
byAmelia Swank
 

Top Cyber News Magazine Christiane Wuillamie OBE

  • 1.
    1 MAGAZINE TOP CYBER NEWS Christiane WUILLAMIEOBE How the Officer of the Order of the British Empire for Business, Christiane WUILLAMIE OBE, Founder / CEO of PYXIS Culture Technologies Ltd, Leads Collaboration, Drives Standards and Values of Excellence, Creating Strong Cyber Security Culture REALM of CYBERSECURITY and CORPORATE CULTURE SEPTEMBER 2021 EDITION CYBERSECURITY CULTURE ADVOCACY LEADER OF THE YEAR 2021
  • 2.
    a culture of Cybersecurity! TOPCYBER NEWS MAGAZINE - September 2021 - All rights reserved 2 Create Set up your team FOR SUCCESS
  • 3.
    TOP CYBER NEWSMAGAZINE –July 2021 - All rights reserved 3 FUTURE Architecting the Thomas Harrer Distinguished Engineer, Chief Technology Officer, Servers & Storage, IBM EMEA, Member of the IBM Academy of Technology, Member of the Technical Expert Council Central (TEC) TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved ibm.biz/virtualtechu2021
  • 4.
    CYBER SECURITY CULTURE ADVOCACYLEADER OF THE YEAR 2021 Recognition Granted To ChristianeWuillamie OBE pecial recognition is given to Christiane Wuillamie OBE for advancing the understanding of cyber security culture and its importance in protecting businesses, customers, and employees. ecause Christiane has had a long career in IT from software programming, running Software companies and as a CIO in Financial Services. She has a deep understanding of the impact of Technology on business, people and processes. As an entrepreneur, CEO and Board Director, Christiane takes a strategic, pragmatic as well as hands-on approach, viewing cyber security as a business issue. She has advocated for a more professional and enterprise-wide approach to cyber safety where all functions take accountability for cyber security, not just the CISO. She has worked tirelessly to help business leaders identify and mitigate the hidden operational and cultural causal factors impacting cyber security. Christiane was also awarded the title of Officer of the Order of the British Empire for Business (OBE) by the Queen for her work with the UK Government to support Small and Medium Enterprises (SMEs). S B TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 4
  • 5.
    About Christiane WUILLAMIE OBE Officerof the Order of the British Empire for Business (OBE), Christiane Wuillamie OBE started her technology career in 1980 after working for UNCHR setting up a resettlement camp for Vietnamese refugees. Christiane has done every job in IT from coding, to running a software house, to being CIO in Financial Services. A transformational leader, she built and operationalised a strong, high- performance culture in every role and every turnaround project. She leverages technology to solve business challenges through developing people and joined-up process that deliver a competitive advantage. Her cyber security and technology management skills make her a valued Board member and advisor on digital transformation. In the fast-changing cyber world, Christiane believes that only a strong culture of collaboration, transparency and responsible leadership can deliver safety and security for all. Besides being a Non-Executive Board member, Christiane is the co-founder of a technology firm, PYXIS Culture Technologies that is quantifying the linkage between corporate culture, leadership and business results and helping senior leaders understand how culture impacts cyber security, safety, conduct risk, innovation and customer satisfaction. “It’s time for the role of the CISO to change from information security to enterprise security.” Christiane WUILLAMIE OBE TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 5
  • 6.
    The “Cyber SecurityCulture Advocacy Leader” spotlights exemplary advocates that help foster a strong cyber security culture and awareness, inspire, empower and educate corporate leaders that culture impacts cyber security and business performance. “Cyber security culture is the combination of organizational causal factors that interact to influence and sustain employee attitudes and actions towards cyber security issues. Change the causal factors and you can strengthen the culture.” ~ John R Childress ‘Culture 4.0’ Christiane Wuillamie OBE – A Cyber Warrior Integrating People, Processes and Technology. The brightest stars are those who shine for the benefit of others. Christiane WUILLAMIE OBE is one of those stars! ~Stéphane Nappo Christiane Wuillamie OBE has always been a disrupter for good! In the early 1990s her company rescued failing bank IT projects, at the same time developing the skills and capabilities of the bank’s IT staff and creating a high-performance culture. A growth rate of 100% year on year for 7 years is a testament to her vision and innovative approach. Christiane is a transformational leader who integrates people, processes, and technology to solve today’s biggest cyber security challenges. She sees good cyber security as a profit maximiser, but it is up to responsible leadership to drive security by design, collaboration, shared objectives, and a strong cyber security culture. According to Christiane, the world depends on technology 24 hours every day and successful businesses must build a strong cyber security culture to avoid costly system outages, paying ransom ware and avoid reputational damage. As Chief Executive Officer of PYXIS Culture Technologies Ltd, Christiane focuses on helping global organizations identify and mitigate hidden cyber security vulnerabilities. She believes that cyber security is not simply a technology issue, but also a business issue and every part of the company, and every individual, must be accountable to building a strong cyber safe organization. Ludmila Morozova-Buss, Founder. Editor-In- Chief @ Top Cyber News MAGAZINE & Doctoral Student at Capitol Technology University About ‘Cyber Security Culture Advocacy Leader’ of the Year Recognition TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 6
  • 7.
    PYXIS Culture Technologies,Ltd is your business partner for cyber security. We differ from traditional consulting firms in two important areas. We combine over 40 years of experience in how culture impacts performance with deep operational experience in technology management, digital transformation, cyber security, and business turnarounds. At PYXIS Culture Technologies we have pioneered an ecosystem modelling approach for understanding, measuring, and managing cyber security risks to improve business performance. Using systems analytics and proprietary algorithms along with internal company data, we can identify and map the causal factors inside your organization that have a significant impact on cyber security and business performance. Find out more about PYXIS at www.pyxisculture.com. Or contact: info@pyxisculture.com PYXIS Culture Technologies, Ltd TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 7
  • 8.
    When I firststarted working in technology over 30 years ago, our challenges mostly involved the implementation of different programming languages on different hardware running different operating systems. Fast forward to today, and technology, particularly digital and cyber, is rapidly changing and every organisation receives an increasing number of known and unknown cyber- attacks every day. Aside from the exponential growth of attacks aimed at company systems, we now face expanded attack surfaces as a result of personnel working from home, outsourcing of technology and multiple supply chains. Employees working from home are subjected to increasingly sophisticated phishing and malware attacks. ‘There must be no gap between cyber security at home and the office’ So, where to start? The first step is for the Board and senior leadership to understand that cyber security is a business responsibility and not just a technology issue; it is an individual, cultural and organizational issue. By identifying the causal factors that make up a cyber safe culture, leaders can identify hidden cyber risks and engage every function in building a cyber safe organization. Cyber Security is a Leadership Issue Author: Christiane WUILLAMIE OBE “The role of the Chief Information Security Officer (CISO) must evolve from building better firewalls to building cyber security culture where the entire enterprise, from the CEO to third-party vendors, has the knowledge and tools to keep themselves and the organisation safe.” ~ Christiane WUILLAMIE OBE TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 8
  • 9.
    However, for thisto be effective the CISO must fully engage with all stakeholders, from customers and employees to business lines, the supply chain, IT, Data Privacy, senior management, and the Board. The CISO must help Board members and senior leaders understand their cyber security value chain, so that together they can craft shared cyber objectives and encourage open communications and information sharing. The CISO’s success depends on the Executive and the Board’s active support on changing the culture of the organisation to where every individual becomes accountable for Cyber Security and leaders create a ‘No blame’ environment with collaboration across the enterprise. In this global technologically interconnected world where cyber criminals easily collaborate with each other for coordinated attacks, responsible leaders must drive collaboration within their own organisation as well as with peer companies, other industries, and Government agencies. ‘A culture of learning from attacks, as well as from the attacks on others, will help blunt the impact of cybercrime.’ Senior executives and the Board must lead by example and apply the same focus to Cyber Security as they do to revenue, profit, and share price. And the stakes are high. Each cyber breach brings the potential of heavy financial losses, and even loss of life. ‘A strong cyber security culture is first and foremost a leadership issue’ by Christiane Wuillamie OBE TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 9
  • 10.
    A growing numberof cybersecurity threats have companies and most CEOs on high alert. More sophisticated cyberattacks have been aimed at the data and assets of corporations, governments, school systems, utilities, and financial institutions. Cybercrime isn’t going away any time soon. Cyber security threats have ranked as the number one risk facing businesses and society, for cybercrime causes an immediate threat to the survival of individuals, businesses and global social institutions. Extraordinary coalescence of unprecedented social, technological and global health factors has opened the floodgates of cybercrime, with ransom demands, data theft, crippled hospitals, shut- down pipelines, and relentless attacks on networks and individuals. In the first half of 2020, data breaches exposed billions of records. What are these unprecedented causal factors? First, the global COVID pandemic moved many employees out of network secure offices and into their homes, using unsecured routers, personal devices and open networks. With this massive move to home working, the attack surface was greatly expanded, resulting in cyber criminals easily attacking individuals using sophisticated social engineering, emails, voice mails and extracting personal data and in many cases, money. In addition, rising IT costs from rapid digitalisation and cloud migration caused many companies to overuse Third-Party partners and external contractors to deliver critical technology and services. With large scale outsourcing, access management and security oversight are often weak or even perfunctory. The combination of hasty migration of systems to the cloud, coupled with existing legacy systems create an open environment to cyber criminals. In many companies, IT Management do not have the skills nor effective processes to manage complex environments of legacy systems and new technologies and applications. This lack of experienced and well-trained IT management, coupled with weak oversight and compliance, ineffective asset management, often means failure to implement critical software updates and patches in a timely manner, leaving the door open to cyber criminals. These complex environments also create a huge challenge to manage Identity and access management of systems resulting in complex passwords for users to remember and some reuse or share passwords. Strong Cyber Security Culture …Keeps Everyone Safe Author: Christiane WUILLAMIE OBE “Our society has become dependent on a utility that it doesn’t really understand.” ~ Dr. Mary Aiken, ‘The Cyber Effect’ TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 10
  • 11.
    Another important riskfactor is cybersecurity on-job training, which is often seen as a one- and-done activity, with many senior leaders and middle managers skipping the training all together. Add to this, the fact that most Boards and senior leaders have little real understanding of cyber security. Fewer than 24% of large corporations have adequate cyber expertise on their Board. In many companies, the hierarchical structure and fear of admitting mistakes means that what is reported to the Board and senior leaders is often a watered-down version of the company’s cyber vulnerabilities with out-of-date dashboards. Cyber training is not a one-size fits all. Employees with critical data access roles demand different training and oversight. Yet in many companies, cyber training is voluntary, not mandatory. “There is a growing recognition that technical cyber security measures do not exist in a vacuum and need to operate in harmony with people.” ~ The European Union Agency for Cybersecurity (ENISA) Cyber security is not just about technology, but is a combination of people, processes, and technology. As a result, the CISO, must fully engage with all stakeholders, from customers and employees to business lines, all functions, third-party partners, the supply chain, IT, Data Privacy, senior management, and the Board to knit together a strong cyber security ecosystem. It should be mandatory that all Board and senior managers had their personal digital environment secured by a company cyber expert, as well as personal training. That means going to their home and helping them understand the multiple vulnerabilities that exist and how cyber criminals are now targeting individual senior leaders. The cyber security ecosystem is not just the network, but everyone’s home environments as well. It helps to think of this ecosystem as the total cyber security culture, where people, processes and technology interact to determine how the organization defends, responds, and recovers from criminal cyberattacks, whether in the office, on the factory floor, in the warehouse or at home. Creating a Strong Cyber Security Culture “Cyber security culture is the combination of organizational causal factors that interact to influence and sustain employee attitudes and actions towards cyber security issues. Change the causal factors and you can strengthen the culture.” ~ John R Childress, author of Culture Rules It is now commonly understood that corporate culture drives performance, but what drives culture? And what are the specific drivers that create a strong cyber security culture? by Christiane Wuillamie OBE TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 11
  • 12.
    For the pastthree years we have been working with companies to identify the most important causal factors of cyber security culture. In most companies, these are internal policies, processes, and management behaviours, such as: • Vision and Values • Senior Leadership • Middle Management and Supervision • Incident reporting processes • Cyber Training • Recognition and Reward programs • Peer Pressure • Supply Chain • Technology Using ecosystem modelling and internal company data, these drivers form a cyber security culture map showing which factors are enablers and which are cyber security risks, as well as how a strong cyber security culture can positively impact business results. by Christiane Wuillamie OBE TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 12 • Lessons Learned Processes • Internal Communications • Hiring Profiles • On-Boarding Process • Risk Auditing • Third-Party Partners • Employee Engagement • Manufacturing • Data Privacy and improvement programmes. For example, peer pressure and fear of speaking up play a much larger part in cyber security failures than most senior leaders realise. And “tone at the top” can be shown, with data in the culture map, to be a critical security enabler. ‘Also, third-party partners, supply chain and physical security have a major impact on cyber security yet are often big risks due to poor oversight and governance’ As the rate of cybercriminal activity continues to increase, Boards have no choice but to make cyber security a key strategic issue that deserves strong leadership, accountability from every function, every employee, and adequate funding. It is the responsibility of today’s CISO to step out of the technology shadows and lead the fight against cybercrime. Building a strong cyber security culture will help all functions and employees to accept accountability for a cyber safe organization. ‘Cyber security is everyone’s responsibility, and a strong cyber security culture helps protect employees, customers, and the company’ By understanding that cyber security is a dynamic combination of people, processes and technology, and using a visual map to identify the cyber security ecosystem, it is easy for the Board and senior leaders to focus on real time risks
  • 13.
    In 2020, theglobal spend on cyber security was around $150 billion, and is expected to grow at 12-15% through 2025 1. With that amount of focus and money spent on cyber security protection, it would seem reasonable to assume that we are well protected from cybercrime. Wrong! In the first 6 months of 2021, companies paid out $1 trillion in ransomware extortion alone 2 and by 2025 the global cost of ransomware is expected to be $10.5 trillion 3. It’s not just large companies or global financial institutions that are impacted by cybercrime. Forty-three percent of cyberattacks are aimed at small businesses 4, most of whom have rudimentary cyber protection at best. To make things even worse, there is a growing trend of cyberattacks on hospitals and the healthcare industry, where a loss of access to network systems and data could result in loss of life. Okay, so more technology is not the solution to effective cyber protection. In fact, the more sophisticated our cyber security technology becomes, the more sophisticated cyber criminals become in their attack approaches. It’s an escalating war where companies are always playing catch up to the bad guys. Cyber “Whack-a-Mole”. How Corporate Culture Impacts Cyber Security Author: John R Childress “Threat is a mirror of security gaps. Cyber-threat is mainly a reflection of our weaknesses. An accurate vision of digital and behavioural gaps is crucial for a consistent cyber-resilience.” ~ Stephane Nappo TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 13
  • 14.
    What can organizationsdo to protect themselves? It is well documented that corporate culture impacts company performance, either positively or negatively. A toxic culture was the culprit behind Wells Fargo employees opening over 1 million fraudulent bank accounts in order to meet management-mandated sales quotas 5. And the $ 25 billion diesel emissions fraud perpetrated by Volkswagen was the result of a top-down culture of hubris and arrogance in a rush to beat Toyota and become the largest global automobile company. 6 At the other end of the spectrum, a strong “Culture of LUV” 7 has allowed Southwest Airlines to deliver excellent customer satisfaction and post 44 straight years of profitability in a difficult industry. At PYXIS Culture Technologies, we view culture as the missing link in an effective cyber security strategy. A strong cyber security culture can be a highly effective and adaptable bulwark against the growing tsunami of cyberattacks. by John R Childress TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 14
  • 15.
    What can organizationsdo to protect themselves? Cyber security culture is an interconnected ecosystem of organizational causal factors that influence employee actions and behaviors toward cyber security. Causal factors such as policies, training, onboarding, supervision, physical security protocols, third-party contractors, working from home protocols, password policies, shadow IT and a myriad of other factors interact together to create a work environment (cyber security culture) that either supports good cyber behavior among employees, or allows for cyber security shortcuts and other cyber risky behaviors. It is easy to see how a culture of fear of making a mistake or speaking up can negatively impact cyber security. This graphic shows how numerous interconnected causal factors impact employee behaviors and business results: TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 15 by John R Childress So, what is cyber security culture and how does it impact cyber security?
  • 16.
    Building a StrongEnterprise Cyber Security Culture The first and most important step in building a strong cyber security culture is to identify the strengths and weaknesses of the many cyber security culture causal factors in your company. Using special ecosystem modelling software and culture analytics developed by PYXIS Culture Technologies, it is possible to use qualitative and quantitative company data and information, as well as a special cyber security culture audit, to build a map of your current cyber security culture. This mapping approach shows not only which causal factors are strengths, but also helps identify the hidden cyber security risks in your culture For example, here is a cyber security culture map, with key risks highlighted. Each of the drivers are color coded from Green to Red, indicating strengths and current risks. A score for each driver is determined from the qualitative and quantitative inputs to our algorithm, and an overall cyber effectiveness score is then created. This analysis also shows how cyber security culture impacts business metrics. In this example, there are several causal factors that need improvement. The map is also divided into what we term Primary Causal Factors and Enabling Factors. Using a scenario planning function built into the platform, we can also model the overall impact on cyber security by adjusting the scores of one or more causal factors. TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 16 by John R Childress
  • 17.
    For example, researchhas shown that the actions and behaviors of senior leaders are a powerful factor in driving positive cyber security behaviors. Yet we have found that in most organizations there is little active promotion of cyber security during town hall meetings and staff meetings. As a result, employees receive little feedback or coaching for positive cyber security actions, allowing negative peer pressure and demanding project time schedules to drive cyber security shortcuts. IT management is another strong cyber security driver, especially when IT policies are difficult to implement, and the protocols of cyber hygiene are not rigorously implemented. In many companies IT budgets are under constant pressure to be reduced, which negatively impacts the ability of the company to improve their cyber safety since the budget for the Cyber Security function is often a part of the overall IT budget. Identifying Systemic Cyber Risk: To understand the impact of cyber risk, a customized systemic cyber security ecosystem map helps CISOs engage all functions in stepping up to their cyber accountability. Using this map, senior leaders can open productive conversations inside the organization on cyber risk mitigation, making cyber security everyone’s accountability. Board Commitment: All board members should have personal cyber security training, so they fully understand their role in overseeing and supporting cybersecurity. A home check of their technology environment should be part of each Board members education. Also, the Board cannot rely on having one member with cyber expertise as this lets others opt out of their important risk responsibilities. Responsible Leadership: The majority of Business Heads and Functional Leaders believe cyber security is primarily a technology issue. The CISO must proactively engage with business leaders and functional heads to help them understand how cyber threats increase business risks. The CISO should also help promote greater collaboration and information sharing between business lines and functions, with a set of shared objectives around enterprise cyber security. “If you don’t understand your culture, you don’t understand your business risks.” Since organizations are shadows of their leaders, it is imperative that the senior leaders not only actively support the cyber security function but also be visible with this support. Town hall meetings as well as internal communication should stress the importance of cyber security and everyone’s accountability in creating a cyber safe organization. • Risk Management: Regular tabletop exercises for the Board, executives and managers are important to build rapid response and recovery for a cyber incident. It is up to the CISO and the cyber team to create and facilitate these important cyber security exercises, and to ensure they are mandatory on a regular basis TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 17 by John R Childress
  • 18.
    • Design forSecurity: When products connect to the internet and company networks, they dramatically increase vulnerability. Design for Security must become standard practice for EVERY new digitally enabled product and service. • Internal Communications: In many organizations, poor cross-functional communications and lack of cooperation creates unnecessary cyber vulnerabilities and slow recovery efforts. The CISO needs to support the internal communications function to develop timely cyber security communications, including news about recent incidents. • Secure Your Supply Chain. Many successful cyber breaches and ransom attacks enter a company through supply chain partners. In most cases these relationships are overseen by IT, legal and logistics, but must include the cyber security function. The CISO needs to work closely to help the enterprise secure their supply chain partners since the CISO is responsible for cyber risk • Employee Care and Training: During the global COVID pandemic, working from home and hybrid working schedules have dramatically increased the cyberattack surface, since many home environments are unsecure. The CISO needs to lead the company in policies, practices and training to make certain that everyone, from the Board to the new joiner have their personal home environments fully secured. • Link Cyber Security to Business Priorities: The CISO must understand the company’s business priorities, how they are impacted by cyber security and develop his cyber strategy in conjunction with business priorities. What Does Your Cyber Security Culture Look Like? Where are the Hidden Risks? John R Childress is a pioneer in the field of leadership and corporate culture, advising CEOs and senior teams on the impact of company culture on business performance for almost 40 years. Born in the Cascade Mountains of Oregon, he lived in Carmel Highlands, California during most of his early business career, before moving to London, England in 1996. John is a Phi Beta Kappa scholar with a BA degree (Magna cum Laude) from the University of California, a Masters Degree from Harvard University and was a PhD candidate at the University of Hawaii before deciding on a career as a business entrepreneur in the mid-70s. In 1968-69 he attended the American University of Beirut and it was there that his interest in cultures, leadership and group dynamics began to take shape. After graduating from Harvard with a master’s degree, he co-founded the first management consulting firm focusing on helping senior leadership teams reshape culture for competitive advantage and as President and CEO grew it into an international company. One of his first culture change projects was at the Three Mile Island Nuclear Plant following the catastrophic accident in 1979. John worked with the management team to build a safety culture that produced records in safety and power production for the next 38 years. John has written four business books that help senior leaders understand the importance of culture in business performance and the role of the leadership team in effective strategy execution. Currently John is Chairman of PYXIS Culture Technologies, which has developed a visual ecosystem mapping software platform to help business leaders identify hidden risks inside the organization that impact cyber security, safety, conduct risk, innovation, and customer satisfaction. Mr. Childress is a trustee for Young Virtuosi, a foundation supporting talented young musicians, an Associate Partner with The Palladium Group, and a Senior Executive Advisor to Korn Ferry. John is also a Visiting Professor at IE Business School in Madrid. John is also developing a business and ecosystem approach to implementing the 17 United Nations Sustainable Development Goals. TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 18
  • 19.
    The ABCs of CyberSecurity Culture Author: Victor L. Malloy “Vic” “More than the ABCs of Cybersecurity Culture, My DREAM is for a unified CYBER SOCIETY. It is my hope that the ABCs for Cybersecurity Culture will spark conversations.” - Victor L. Malloy “Vic”, a Native New Yorker and a PROUD TEXAN by Choice! As a retired military officer and cyber security professional, it is clear that culture is more than just vision, values and employee engagement. Like an effective military operation involving many functions and skills, there are many elements inside a company that impact cyber security. These elements create an interconnected ecosystem we call the cyber security culture. If all the elements are in alignment with the company’s specific cyber security requirements and work together in an integrated fashion, it is possible to build and sustain a cyber safe culture that helps mitigate attacks and responds quickly to incidents. Corporate culture is often defined as the “habitual way of behaving within a company”. Cyber security culture then describes the way employees at all levels behave in relation to cyber events. But what are the key foundational elements of a cyber safe culture? I offer the ABCs of Culture in Cyber Security to help business leaders and cyber security professionals build a strong and fit for purpose cyber safe organization. Let us begin with A for AWARENESS. The start of any journey of improvement is having what we in the military call “situational awareness”. Being aware that the environment may contain threats, and determining which threats are most pressing is the foundation for situational awareness. As a retired military cyber security officer, I am aware of the dangers for not keeping devices updated with the latest version. Are your co-workers aware of the updates that have been released by manufacturers for their personal devices? If they are aware of the updates, have they completed the actions? As a cyber security professional, it is important to understand the level of cyber awareness of employees and their understanding of threats and consequences. Has your organization done enough to create a high level of cyber awareness in the Board Room, among the C-suite, at all employee levels, even being aware of the dangers of working from home? Raising the organizational awareness of cyber threats requires an ongoing conversation at all levels, since cyber awareness is developed over time, and must continue since the nature of threats is always changing. Second, B is for BELIEF. Cyber security culture is an organized approach to protect people, processes, data, and technology. However, good practices, policies and processes only work if people believe in them. And that belief comes from having policies that are easy to implement, rather than cumbersome and take time away from normal work duties. Belief also grows about the importance of cyber security when senior leaders, managers and supervisors are role models of good cyber safe practices. Senior leaders who bypass access protocols for the sake of expediency quickly sow doubt in employees about the importance of cyber security policies. Cyber security is a responsibility that must be demonstrated, not just talked about or mandated by leaders. An effective cyber security culture also instills a strong belief of vigilance in all employees when it comes to their actions in cyberspace and on the internal company network. We must instill a belief that cyber threats are real, ongoing, deceitful, harmful and must be always guarded against. When this belief drives habitual cyber safe behaviors, you are well on our way to a cyber safe organization. TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 19
  • 20.
    Finally, C isfor CHARACTER. Character is defined as the mental and moral qualities distinctive to an individual. Corporate culture has often been referred to as the character of an organization. It is imperative for cyber security professionals to establish and codify the attitudinal and behavioral qualities required from all employees to create a cyber safe organization. In many organizations these character elements combine to create what I call Digital Citizens, individuals who are AWARE of cyber threats, and BELIEVE in their own responsibility and accountability to remain cyber safe, at work and home. One of the key character elements of a cyber safe organization is openness and collaboration. That is, any suspected cyber concern is immediately shared with colleagues and management. And inside the organization is the practice of openly and regularly communicating actual threat events to all employees. If everyone is informed of an incident in one area or department, they will naturally become more vigilant themselves. And a strong cyber security culture also shares incident and threat intelligence with their peer companies which helps them protect each other. Cyber criminals use the same attack methods against companies in the same industry, so collaboration and information sharing is critical. To summarize, A – AWARENESS – Awaken from the slumber that you could be tricked into falling victim to some malicious software or social engineering scheme that is targeting you or your organization. B – BELIEF – Be responsible for your behavior in that you can take proactive measures to protect your personal information and the data that is entrusted to you by others in business and personal relationships C – CHARACTER – Create a unique trusted quality based upon individual and collective experiences to collaborate in creating positive cybersecurity culture for everyone. More than the ABCs of Cybersecurity Culture, My DREAM is for a unified CYBER SOCIETY. It is my hope that the ABCs for Cybersecurity Culture will spark conversations. It is my desire that these thoughts will promote more collaboration. In the final outcome, collaboration will produce a unified CYBER SOCIETY forged to help protect all organizations, nations and citizens from the debilitating impact of cybercrime. Victor L. Malloy “Vic”, Lieutenant Colonel, United States Air Force retired, is an internationally recognized cybersecurity ambassador. As the principal of Malloy & Malloy Consulting, he collaborates with business, government, academia on information security, risk management and organizational leadership. He is currently serving with the Small Business Development Center located at the University of Texas at San Antonio, where he leads the Texas Cybersecurity Compliance Program. He served over 20 years in the United States Air Force as a highly effective leader with many tours of duty that formed the foundation of cybersecurity and information operations that are conducted today. His noteworthy record includes chief information officer for National Security Agency/Central Security Service in Texas while in command of squadron personnel enabling mission support services for regional operations. Vic Malloy had senior leadership responsibilities in Air Forces Cyber Operations Center overseeing the global coordination, integration and execution of full-spectrum operations to defend the nation. His joint service included assignments with United States Strategic Command, United States Transportation Command, and United States Cyber Command. Upon his retirement, he has executed business operation within the financial services industry in cybersecurity operations to include identity and access management, security awareness and training and risk management. In addition, Vic Malloy served as senior client relations executive for a Contractor delivering Department of Defense with sensitive cybersecurity emerging technologies. Vic Malloy was previously, the general manager for the CyberTexas Foundation, a non-profit cybersecurity education information sharing and analysis organization. He led all aspects of strategy, business development and program execution to advance pathways for the next generation of leaders in cybersecurity. Recently, Victor “Vic” Malloy was recognized by the TOP CYBER NEWS Magazine as “who’s who in 2021” for his leadership, contribution and service within the cybersecurity ecosystems. Vic earned his Bachelor’s degree from the University of North Texas and Master’s degree from Webster’s University. TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 20
  • 21.
    “We, in security,should not promote fear – but protect hope”. ~ Troels Oerting, Expert Member of Interpols Global Cybercrime Expert Group, INTERPOL The Modern CISO Defender Of The Crown Jewels Of Your Business To be cybersafe, businesses must make cyber security a business issue. Author: Aloysius CHEANG Cybersecurity is not a new skill set. It is an important subset of overall enterprise and personal security. Security is both common sense, and a habit for successful individuals and organizations. For example, remembering to lock the doors and windows of your house when you sleep or are heading out. It’s common sense not share your home keys with a stranger. Or for that matter, when you buy a new house, to change the locks for your own security. And not a cheap lock either. Today, people practice these security habits naturally. And in social behaviour most people are careful not to spread rumours, allegations or false information when interacting with others in business and personal settings. However, these security and common sense practices are not universally applied in cyberspace. In cyberspace people a much more unconscious of security and safety consequences. For example, to use an easy to remember password such as “1234567” or “password1”, that they write down on a Post-it note and leave out in the open for all the see. Or to share on Facebook, Instagram and other social media outlets outrageous photos or contestable opinions. It never occurs to many people that information such as birthday, mother’s maiden name, or their mobile number constitutes PII (personal identifiable information) that most banks routinely use to authenticate you over the phone. A definite security risk if this information falls into the wrong hands. While many people are unaware of the risks of such behaviour, many companies are unaware of the hidden cyber security risks inside their organization. The modern CISO understands these risks, yet until recently, the role of the CISO has been relegated to a subset of the technology function and rarely has cyber security been part of the business strategy or culture. ‘Simply put, cybersecurity professionals are seen as outcasts by business line leaders, and even the technology and risk functions’ In most organizations, the role of head of cyber security has been filled with either former IT professionals, or former military security specialists. They are technical and security experts, but not business experts. They see their role as technical, whereas the real need is for cyber security to become an important business issue so that all employees feel accountable for company and personal cyber safety. For the modern CISO, security-by-design is a business issue and a key part of how to keep the company safe. However, when the CISO talks about security-by- design and other important business security issues, they are often seen as arrogant and condescending. They are also branded as the “Bad Guys” who must be the gatekeeper within the company, to oversee security checks for all IT projects. Which naturally means the cyber security function will never win a popularity contest and is often left out of important product development planning until the very end. TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 21
  • 22.
    “As organizations reassesstheir purpose, they are turning to technology to drive the changes they need to make. Yet this technology must be managed correctly if it is to deliver the benefits that stakeholders expect. By adhering to the principles of Tech for Life, those who create and use technology can ensure it continues to be a force for good.” ~ ‘Tech for Life’ by Jim HAGEMANN SNABE, Chairman at Siemens and A. P. Moller Maersk For the CISO, as the defender of the crown jewels of the business, one significant breach is enough to warrant potential dismissal. In the language of soccer, you can go from hero to zero in just 1 min when cyber criminals manage to ‘score a goal against you’, while few give credit for the fact that your cyber team rebuffed multiple hack attempts for over 89 minutes. Cyber security is definitely undervalued. But things are changing. Recently, due to the large increase in cyber attacks globally, cybersecurity is beginning to take centre stage. And it comes as a key part of the new era, the digital era. In the 4th industrial revolution, we are seeing people talking and accepting the notion of a “digital economy” and the need to undergo a digital transformation. This is so true under the Covid-19 pandemic where if organisations do not change the way they operate, they may not survive. Take for example shopping malls. Shopping malls are finding it hard to survive with restrictions on personal gatherings due to Covid-19. On the other hand, e-commerce or online malls such as Alibaba’s T-Mall or Amazon have a thriving business model! Not to mention the Deliveroos and Deliver Heros of the world that send food to your home as restaurants are either ordered to close to customers or operating at a capacity that is not revenue viable. As there is a quantum shift in business and individual behaviour towards online commerce, suddenly it dawned on many that there will also be security and privacy concerns online. For example, when using online commerce sites, making sure that personal and financial information are not shared, leaked or stolen. People expect their online experiences to be safe and secure. And this is helped by the cloud revolution, where for once it is very clear that IT today is already a utility, just like electricity and water. And just as you expect your electricity to be green and water to be potable, people have the expectation that cloud services are secure. True, it is still far from seeing the CISO taking over the CEO position in any traditional business. More recently however we are beginning to see a few CISO’s as part of a company’s executive management team with a direct reporting line to the CEO. Even more frequently we are seeing companies valuing and elevating cyber security and giving the CISO more access to business leaders. Some even appoint cybersecurity professionals onto their board to better address cyber risk issues. The implementation of GDPR in Europe and the appointment of a Data Protection Officer (DPO) has driven the recruitment of professional CISOs to support efforts to build security controls into privacy policies and internal controls. However, to be effective the modern CISO must be able to communicate to the Board and senior management in business language. To speak the business language that everyone can understands, and not in terms of their firewall rules or security penetration testing lingo. The crux to build trust with business and the board. We are in a new era today where cybercrime is exploding. The modern CISO must become not only as the “cyber sheriff” bringing law and order into the company’s cyberspace, but also be an “Ambassador of Cyber Safety” through an understanding and development of the internal cyber security digital eco-system. The modern CISO is the architect of an open and transparent communication and collaboration model that protects the company, customers and employees. “That new world order is now, and cybersecurity is moving from the back- room to the frontline and the boardroom. Will business leaders grasp this opportunity and make the best out of it?” TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 22 by Aloysius CHEANG
  • 23.
    Aloysius Cheang isa globally recognised cybersecurity expert, a senior corporate executive with extensive experience running global businesses. Mr. Cheang has worked on many security engagements with varying degree of technical challenges in his entire career. He has managed large multi-cultural, multi-disciplinary teams spread across 5 continents and 4 major time zones, many a time building up the business or team from scratch. Aloysius is currently the Chief Security Officer for Huawei UAE based out of Dubai. Additionally, he is a Board member with the largest global professional cybersecurity association, (ISC)² in the US and also on the Board of the UK-based cyber leadership think tank, CSCIS. He is also a member and a registered corporate director with NACD (National Association of Corporate Directors) in the US. Previously, Aloysius was a co-founder of Cloud Security Alliance APAC, running it as its managing director for 7 years and was instrumental for its global expansion. Prior to the CSA, Aloysius was a Worldwide Head for Security for a global telco, a Practice Leader with a global management consulting firm, having started his career as as technical staff member with Singapore's DSO National Laboratories. A firm believer of giving back to the community, Aloysius was instrumental in establishing AISP in Singapore, sister organisation to IISP in UK, where he was ProTem Chairman from 2006-2007, and chaired its predecessor, SIG^2 from 2002 to 2006. He was also an active participation in International Standardisation efforts, having co-edited the first version of ISO/IEC 27032 "Guidelines for Cybersecurity" and was a contributor to SS507 “Business Continuity/Disaster Recovery Industry Standard” that was adopted as ISO/IEC 24762. Aloysius holds B.Sc (Hons) & Masters in Computer Science. His professional certifications include CISA, CISSP & GCIH. Aloysius’s views are valued by major media globally such as BBC, Times, Wall Street Journal, ZDNet, CIO-Asia, IDC, BankInfoSecurity, Xinhua News, Phoenix News, CCTV, The Hindu Times, China Times, SCMP, Bangkok Post, Zaobao, The Straits Times, CNA, Gulf Business, Zaywa, Al Bawaba & Eye of Riyadh. TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 23
  • 24.
    24 24 Editor TOP CYBER NEWS MAGAZINE and RAISE THE CYBERSECURITY CURTAIN! LudmilaMorozova-Buss Cybersecurity Woman of the Year 2020 (Influencer) TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 24
  • 25.
    MAGAZINE TOP CYBER NEWS SEPTEMBER2021 EDITION We communicate Technology, Innovation, and Cybersecurity TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 25
  • 26.
    TOP CYBER NEWSMAGAZINE –July 2021 - All rights reserved 26 TOP CYBER NEWS SEPTEMBER 2021 EDITION MAGAZINE IBM Servers & Storage TOP CYBER NEWS MAGAZINE - September 2021 - All rights reserved 26