Monday, April 2, 2018

High flown cybersecurity

If there is one sector that is especially concerned with safety, it is undoubtedly the airlines. Since customers are going to carry out an activity, fly, which is totally alien to their morphology, there are a whole series of protocols that regulate all aspects of what will happen on the flight: from user behavior to mechanical checks in triplicate to do before takeoff, approach or what routes should be followed when landing in the direction and strength of the wind.

Therefore, it should not surprise us that a sector so concerned about security pay special attention to the protection of their information and computer systems, since a failure can have catastrophic consequences. In addition, because of the strategic importance of this sector and its dependence on technology, they are forced to face very specific challenges and threats. Of all this, Darren Argyle , the former CISO of Quantas airline speaks in the interview that we share with all of you below.

The first thing that draws attention is the rapid evolution of the security needs of the sector, as Darren himself points out: "20 years ago cybersecurity did not exist, it was called information security and when I first started out it was about protecting the perimeter"and in addition, the threats were much more basic" the first virus I recall was ILOVEYOU, which was actually pretty effective in what it achieved: a global meltdown, but without the criminal or monetary element that you see nowadays ".

In addition, in such a competitive and technological sector as the one of the airlines it is important to be update as far as cybersecurity issues are concerned, especially when elements like the Artificial Intelligence (AI) or the Internet of Things (IoT) are already a reality that is applied in the day by day of this type of companies, which forces "the crucial part for security has always been ensuring that everything is secure by design" and, according to the former CISO of Quantas "It's important for security teams to get engaged into those new projects early enough"so that these projects are implemented in a secure way and do not create a gap in the perimeter already established.

Another factor to take into account is that security is not only an issue that affects the IT team, but must be implemented in the company's DNA: "Previously, security was just generally seen as the cost of doing business. Now, it’s become a competitive advantage, and an investment in the brand", which would explain the growing weight that cybersecurity has in the budgets of most companies of a certain level.

In such a competitive environment and constantly evolving, it is increasingly important for companies to have protocols and tools to attract talent that allow them to incorporate the new profiles required to ensure information security and operations to their IT teams, so Darren Argyle argued for a dual system while it was CISO Qantas "You need those you bring in as experienced hires, but you also need a pool of individuals who are new to the industry. With everything happening in cybersecurity recruitment, you can’t expect candidates to meet every item on the job description. You hire them for their curiosity and passion, then train them up".

If any important lesson we can draw from the interview we have shared today, is that all companies and sectors face similar threats nowadays. But the lessons learned from such a demanding sector and where security is a fundamental value, have a special value and formulas that have already successfully tested, we can export them to any other business that faces similar threats ... and if not, ask the Boeing team, which suffered the impact of the well-known Wannacry at the end of last month.


Post a Comment