Q and A with Ian Thornton-Trump, CISO of Cyjax
1. What are some comparisons between nations with longer term cybersecurity strategies where governments stay in power longer (e.g. Russia, China) compared to shorter, sometimes fixed term governments (e.g. USA, UK)?
There has been a lot of discussion on this subject in recent months. I tend to believe that geopolitical realities and national policy objectives are not really swayed by the character or nature of governments. In general, economic forces and issues such as global pandemic and climate change are beyond the sphere of influence of nation state governments. This dates to the end of the Cold War and my general view of how nations have “staked a claim” in cyber or otherwise. As an example, the recent change in US Government may impact rival relationships in a positive direction. It’s unlikely though there will be cessation of cyber hostilities with China, Russia, Iran and North Korea – they will remain protagonists into the foreseeable future.
2. Which type of government is better for the success of effective cybersecurity strategies: governments that stay in power longer, or shorter terms?
If I had to pick, I would say western democracies have an advantage of agility when it comes to policy, but its impact is limited. When it comes to cyber and intellectual property, clearly there is a western advantage but I think government is subordinate to the free market economy we live in.
3. What are the issues affecting organisations outside the public sector?
Demoralisation due to increasing tempo and success of cybercrime attacks.
4. How critical is education and training?
Not any less or more than anything else, but part of the key to robust security and a compliance requirement.
5. How much of a global leader is the UK in the Cyber arena?
The UK is number one [1] but I would say law enforcement activity, arrests are hugely lacking - it seems to be outsourced to America.
6. Should cyber expand to take more of a people focus and into the mis/disinformation arena?
Potentially but we run into freedom of speech and freedom of belief issues as it’s a complicated topic/safety issue. We live in a diverse western society that in many respects has a protected right to speech and belief.
7. Is GDPR coming of age with the Marriott and British Airways (BA) fines?
Not at all. It's currently failing due to underfunding of the investigation and enforcement role of the ICO. The backlog of cases/complaints is in the thousands and the backlog grows every day.
8. What practical tips would you, from your positions of knowledge, want to share with the community?
Pay attention to NCSC/CISA/FBI alerts. Be Cyber Essentials certified (plus robust backup) and monitor the external attack surface.
Ian will be speaking on Day Two of International Security Week (ISWeek) in the session "Countering the cyber threat and future trends. How has this been influenced by the Pandemic?", sponsored by Tripwire.
Watch on demand here: https://www.internationalsecurityexpo.com/isweek-on-demand
For more information on International Security Week, visit https://www.internationalsecurityexpo.com/international-security-week or join the conversation online:
- Follow International Security Expo on Twitter: https://twitter.com/ISE_Expo
- Follow International Security Expo on LinkedIn: https://www.linkedin.com/company/internationalsecurityexpo/
[1] https://eandt.theiet.org/content/articles/2019/04/uk-tops-itu-global-cyber-security-index/