5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Gary Brickhouse, CISO of cybersecurity firm GuidePoint Security, spoke to Cyber Magazine about incident reporting and minimising vulnerabilities

Can you tell me about GuidePoint Security? 

GuidePoint Security provides trusted cybersecurity expertise, solutions, and services that help organisations make better decisions to minimise risk. Our experts act as your trusted advisor helping to identify and solve security challenges and evaluating your cybersecurity posture to expose risks, optimise resources, and implement best-fit solutions.

What is your role and responsibilities at the company? 

Chief Information Security Officer (CISO), responsible for all aspects of the company’s information security programme, inclusive of building and maintaining GuidePoint’s internal security architecture, control practices, and data privacy.

Do organisations need to think about cyber incident reporting? 

Absolutely. Cyber incident reporting requirements are increasing. With the rise in cyber-attacks such as ransomware impacting companies’ operational capabilities and having a direct impact on their revenue and profitability, more attention is being directed towards incident preparedness as well incident reporting practices.  While the UK has prior requirements for cyber incident reporting, there are proposed reforms which are expanding the reporting requirements to include more types of incidents as well as increasing the industry sectors required to report.  In the U.S., new cyber-incident reporting rulings are coming out of the Federal Deposit Insurance Corporation (FDIC) and the U.S. Securities and Exchange Commission (SEC) introducing mandatory incident reporting. As these obligations continue to grow, companies should identify cyber incident reporting requirements impacting them and ensure appropriate reporting capabilities are in place.

In what ways can companies minimise gaps and vulnerabilities? 

Companies need to do a better job executing the fundamental activities to improve their security posture.  In March of this year, the UK Information Commissioner’s Office (ICO) handed down its first Monetary Penalty Notice to a company due to a ransomware attack and data exfiltration incident.  Part of the identified causes centred around the company’s lack of multifactor authentication, patch management, and encryption.  All fundamental security controls.  So how can this be avoided?  It starts with good risk management – identifying risks and ensuring you have the appropriate controls in place to address them.  Ultimately this should be driven across your people, processes, and technologies.  From a people perspective, companies should focus on security and awareness training for their employees.  Key processes should include privileged account management, vulnerability management, incident response, and backup and recovery.  For technology, there should be focus on those that provide the necessary controls and defences such as encryption, endpoint protection, email security, data loss prevention, etc. 

What do you see as being one of the top emerging cyber trends this year?

Integrating and operationalising threat intelligence data to drive a more proactive approach to defending your organisation.  Threat intelligence provides understanding about threat actors’ common targets and attack patterns giving organisations necessary information used to direct resources to specific defence activities.  The key is to not just have this information, but to integrate it into the various functions of the information security programme.  This can provide a variety of benefits including improved detection capabilities and incident response activities, prioritisation and strategy for addressing risks, etc.  Ultimately, operationalising threat intelligence can provide immediate strategic and operational value for any size organisation.

What can we expect from GuidePoint Security in 2022?

In 2022, GuidePoint continues to research and invest across all security disciplines to provide innovative solutions, thought leadership, and managed security services in areas including cloud security; identity and access management; supply chain risk management; and vulnerability identification and management. GuidePoint is also addressing the cybersecurity skills gap through the creation of GuidePoint Security University (GPSU).  GPSU, launched in May of this year, is a training and development pipeline for developing critical cybersecurity skills and applying them to real-world solutions.  Finally, GuidePoint is investing in our local communities to foster education and collaboration across industry verticals through our GPSec Cyber Security Forums.



Featured Articles

ICYMI: New Age of the CISO and cybersecurity trends for 2023

A week is a long time in cybersecurity, so here’s a round-up of the Cyber Magazine articles that have been starting conversations around the world

Kingfisher chooses Google Cloud as catalyst for growth

Google Cloud will support Kingfisher's digital ambitions with a range of solutions, from infrastructure to data analytics.

ICYMI: Cyber predictions for 2023 and trouble in paradise

A week is a long time in cybersecurity, so here’s a round-up of the Cyber Magazine articles that have been starting conversations around the world

Osirium shares its cyber predictions for 2023

Cyber Security

ICYMI: Unloved emails and cybersecurity worth $500bn by 2030

Cyber Security

Cyber security market anticipated to reach $500bn by 2030

Cyber Security