Cybersecurity Strategy – Getting Ready for the Next Event

CDO Magazine and ComSpark hosted the Cybersecurity Midwest Summit 2022 on September 29. The distinctive event featured more than 100 distinguished security experts sharing experiences and best practices regarding cybersecurity for organizational development.

Court Radke, National CISO - Retail & Hospitality at Fortinet, set the tone of the summit with his keynote presentation, “Cybersecurity Strategy: Getting Ready for the Next Event.”

“Our mission is to secure people, devices, and data everywhere,” says Radke.

In the keynote, he highlights the key areas pivotal to creating cybersecurity structure and practice while adhering to organizational culture and principles. A regular speaker at industry conferences, Radke acknowledges the summit as the catalyst that enables information sharing to address the stigma around cybersecurity. 

The six critical aspects of cybersecurity addressed by Radke are:

    1. Know the enemy. Ninety-nine percent of attacks in the retail sector are financially driven. With 150,000 intrusion attempts weekly, cybercrime costs the world a trillion dollars yearly, equivalent to 1% of the global GDP. Organizations must understand the threat landscape and create a culture around cybersecurity.

    2. Keep a holistic view of cybersecurity. With threats coming in multiple forms and businesses needing to gain and retain talent, consolidating the existing workforce and converging disciplines make the ideal strategy. Merging disciplines such as data and network with security for security-driven networking is the need of the hour.

    3. Choose open and integrated. Open and integrated solutions allow organizations to explore modern security frameworks such as the MITRE ATT&CK Framework. Creating integrated and open mindsets leads to better adherence to mature cybersecurity controls and integrated prevention.

    4. Proper risk management. Regulations such as PCI, SOX, and HIPAA enable organizations to have better cyber controls. However, organizations must act to move beyond compliance. Risk management is the key strategy to ensure security habits do not become pervasive — no security measure is good if it stops an organization’s operations. While cybersecurity is everyone’s responsibility, the risk manager must know everything about data and own the information to protect the crown jewels.

    5. Choose solid partners. Organizations trust the co-creation of their security posture with partners. Still, there is a need for third-party risk management and supply chain management so organizations can protect themselves from the partnerships they create. Additionally, working through partnerships that drive innovation is pivotal.

    6. Train people on cyber awareness. It is critical to humanize cybersecurity because 80% of attacks come from people, and trained people are the strongest link. People must be trained to address the cyber skills shortage and to ensure they are not doing things they shouldn't be.

Radke also pinpoints ways to increase cyber awareness and mitigate the human element:

  • Learn the attackers' ways.

  • Understand the threat actors’ tactics, techniques, and procedures.

  • Use technology that detects threats based on behavior and intent.

  • Create repeatable and automated plans. Innumerable data pieces require correlation, and people cannot keep a 24/7 record.

“It is really about creating that foundation. It is about coming away with iterative approaches, making you think about security as a continuous process,” Radke concludes.
