Cyber security leaders battle a multitude of challenges, the three toughest being the growing attack surface, technology debt and complexity, according to James Johnson, CISO, John Deere.
Ahead of his participation in the Leader’s Panel: The Future of Information Security, Johnson spoke to CS Hub about the biggest hurdles CISOs face today, where he has seen success in cyber security investments, the threat from malicious trusted insiders and how to overcome the cyber-skills gap.
Capitalizing on investment
At John Deere, a global manufacturer of heavy machinery, smart investments have been made to overcome the aforementioned industry challenges. Johnson mentioned three tactics were deployed to optimize the firm’s investment strategy.
“First, aligning with industry standards, especially when it comes to foundational processes and services like identity management, operations/monitoring, and vulnerability management,” he explained.
“Second, investing in our employees’ training and development - building expertise in our standard tools and tech. If you have a great security tool or technology without the humans to intelligently operate it – I would question the value of the investment.
“And finally, keeping our focus specific to technology investments. It is impossible to obtain proficiency with a service and technology if we keep changing vendors and tools. We have worked hard to select the optimal tools and services – and our investments in processes and people allow us to optimize outcomes and capabilities.”
Malicious trusted insiders
Of all the threats facing organizations today, Johnson notes that the most significant risk comes from “malicious trusted insiders”, adding that some of the most challenging and damaging attacks are attributed to a malicious employee.
“There are technologies and processes that can improve controls and visibility. Zero trust technologies and architectures will also reduce some of this risk,” he explained.
“That being said, the bottom-line is that happy employees generally don’t behave maliciously. HR departments, team leads and managers play a huge role in creating a safe and inclusive work environment where employees feel support, where their voices are heard, and they are given the opportunity to deliver value. Training also plays a role to make sure the employees are proficient in policies and guidelines, and also know how to handle data and report issues when necessary,” Johnson said.
Looking ahead
During the Leader’s Panel: The Future of Information Security, panelists will be highlighting key solutions and what CISOs should prioritize in order to keep pace with the ever-evolving environment.
When asked what CISOs should focus on over the next 12 months in terms of investment and strategy, Johnson said, “I really hate my answer, but it depends”.
Expanding, he said, “CISOs must look at their programs, assess the threats they are facing and determine where they need to invest.”
“CISOs with mature/established security programs may be able to look ahead and invest to mitigate emerging threats, where other CISOs with foundational gaps may have to invest in the basic controls, technologies, and capabilities. It just depends on the program. I would also say that investing in your people and developing their talent should always be a priority,” he said.