What if someone hacks into the air conditioning linked to the lifts? Enter the mind of a CISO. At Lloyds Banking Group, Laura Catterick is Programme Director of Group Operational Resilience for the Cybersecurity LBG. In addition to staying a step ahead of a new threat landscape, Laura’s key to success is making security everybody’s business. Talking to Vishal Salvi, CISO, Infosys, Laura outlines resilience as an enterprise-wide culture.
As mindsets change on the front line, the back end evolves: from detect and flag, to respond and recover, to sense and heal. This is holistic resilience, equal parts attitude and ability. And it makes all the difference between iron-clad and laid-bare for a hyper-networked enterprise.
Ring-fencing cybersecurity as a function of systems and servers is myopic. Resilience goes beyond IT – it’s a broader view of resilience in everything from people and suppliers to buildings and ecosystems.
Here’s the script: design, build, test, then secure. It’s time to rewrite the norm, by embedding and educating: to think security-first from the get-go of the lifecycle and take pride in developing secure products.
The cloud offers simplicity against a constant run of upgrades and a complex application footprint. But it isn’t just the what that must be revisited, it’s the how and why: legacy is also a way of thinking, from perspective to policy.
Collaboration. Upskilling. Unlimited resources. Sounds like the enterprise strategy, but it’s actually the hacker strategy. Matching this will require experimentation, ecosystem innovation, and above all, agile security budgeting.
Educate yourself on security, but make sure that you're bringing the board and the senior executives along with you so that they understand the importance of why we need to keep funding this.