Michael Speas, VP, Chief Information Security Officer and Infrastructure at Western & Southern Financial Group, speaks with Michael Sutter, CEO of Enlivened Tech, in a video interview about fostering security awareness, the need for tools and techniques, preparing for a data breach, and leveraging AI to address cybersecurity challenges.
Speas begins by stating that the culture of security awareness is the greatest asset of his organization. Adding on, he acknowledges having a passionate team that brings fresh ideas to get the security awareness messages across to the associates.
In continuation, Speas shares about partnering with the public relations and communications team to craft the messages, and sending them through the right channels and in the right cadence. He also takes pride in the associates whose feedback demonstrates their security awareness.
Having said that, Speas also reflects on the level of paranoia that exists as the threat actors target the associates and are successful in breaching companies.
Speaking of tools and technologies, he maintains that tools come and go in the cybersecurity space. Elaborating further, Speas refers to antivirus tools, which initially helped manage risks but over time, many of the platforms became ineffective. He then mentions how Managed Detection Response (MDR) replaced the previous tools.
While there will always be a new tool down the road, Speas advocates the need to ensure the basics of cybersecurity awareness such as access control. He highlights the importance of everything taught to security professionals and shares that now the same things are taught to high school and grade school students.
The basics of blocking and tackling are the tools and techniques that the companies should have in place, and those not doing them well are getting breached, says Speas.
When asked how to prepare for a data breach, he recommends having an incident response program, as it is one of those blocking and tackling items that companies must have. On top of that, Speas advises to partner up with an internal legal team or seek external expertise. He adds that having cyber insurance is a good place to start because the company will have access to many resources through the cyber insurer.
With the help of resources, companies can leverage a template and ensure proper communication across the company to take down messaging or email, if something were to occur, says Speas. After that, he recommends working on tabletop testing on an annual basis and engaging third parties to do that.
Third parties can identify gaps as they do it regularly and are also involved in responding to incidents, says Speas. After developing and maturing an incident response program, it is critical for companies to focus on how to respond to a third-party breach.
Commenting on staying informed about emerging technologies, Speas mentions having access to a lot of threat intel, through fellow peers within Cincinnati and having a CISO community. He also mentions having a similar peer group within the industry, where he gets the best information.
To address the significant cybersecurity threat and challenges, Speas leans towards leveraging AI with the evolving program, because the threat actors would use it to enhance their capabilities. He urges cybersecurity teams to embrace AI to increase tooling capabilities.
In conclusion, Speas states the multitude of opportunities with AI and says that there is a lot to stay on top of. He notes that AI will turn itself into its own industry, and will create opportunities for various domains including cyber.
CDO Magazine appreciates Michael Speas for sharing his invaluable insights with our global community.