Can you tell me about GuidePoint Security?
GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organisations make better decisions to minimise risk. Our experts act as your trusted advisor helping to identify and solve security challenges and evaluating your cybersecurity posture to expose risks, optimise resources, and implement best-fit solutions.
What is your role and responsibilities at the company?
Chief Information Security Officer (CISO), responsible for all aspects of the company’s information security programme, inclusive of building and maintaining GuidePoint’s internal security architecture, control practices, and data privacy.
Do organisations need to think about cyber incident reporting?
Absolutely. Cyber incident reporting requirements are increasing. With the rise in cyber-attacks such as ransomware impacting companies’ operational capabilities and having a direct impact on their revenue and profitability, more attention is being directed towards incident preparedness as well as incident reporting practices. While the UK has prior requirements for cyber incident reporting, there are proposed reforms which are expanding the reporting requirements to include more types of incidents as well as increasing the industry sectors required to report. In the U.S., new cyber-incident reporting rulings are coming out of the Federal Deposit Insurance Corporation (FDIC) and the U.S. Securities and Exchange Commission (SEC) introducing mandatory incident reporting. As these obligations continue to grow, companies should identify cyber incident reporting requirements impacting them and ensure appropriate reporting capabilities are in place.
In what ways can companies minimise gaps and vulnerabilities?
Companies need to do a better job executing the fundamental activities to improve their security posture. In March of this year, the UK Information Commissioner’s Office (ICO) handed down its first Monetary Penalty Notice to a company due to a ransomware attack and data exfiltration incident. Part of the identified causes centred around the company’s lack of multifactor authentication, patch management, and encryption. All fundamental security controls. So how can this be avoided? It starts with good risk management – identifying risks and ensuring you have the appropriate controls in place to address them. Ultimately this should be driven across your people, processes, and technologies. From a people perspective, companies should focus on security and awareness training for their employees. Key processes should include privileged account management, vulnerability management, incident response, and backup and recovery. For technology, there should be focus on those that provide the necessary controls and defences such as encryption, endpoint protection, email security, data loss prevention, etc.
What do you see as being one of the top emerging cyber trends this year?
Integrating and operationalising threat intelligence data to drive a more proactive approach to defending your organisation. Threat intelligence provides understanding about threat actors’ common targets and attack patterns giving organisations necessary information used to direct resources to specific defence activities. The key is to not just have this information, but to integrate it into the various functions of the information security programme. This can provide a variety of benefits including improved detection capabilities and incident response activities, prioritisation and strategy for addressing risks, etc. Ultimately, operationalising threat intelligence can provide immediate strategic and operational value for any size organisation.
What can we expect from GuidePoint Security in 2022?
In 2022, GuidePoint continues to research and invest across all security disciplines to provide innovative solutions, thought leadership, and managed security services in areas including cloud security; identity and access management; supply chain risk management; and vulnerability identification and management. GuidePoint is also addressing the cybersecurity skills gap through the creation of GuidePoint Security University (GPSU). GPSU, launched in May of this year, is a training and development pipeline for developing critical cybersecurity skills and applying them to real-world solutions. Finally, GuidePoint is investing in our local communities to foster education and collaboration across industry verticals through our GPSec Cyber Security Forums.