In this interview, Brett explains whether data breaches are unavoidable and what cyber resilience means to him, and shares his advice on how to communicate the ROI of security investments to other stakeholders.
Brett Conlon is CISO at American Century Investments, where he is responsible for establishing and driving the strategy for the organization’s information security, business resiliency, and emerging security technologies. A former Federal Bureau of Investigation (FBI) Senior Executive, Brett was a panellist in the session entitled “Ransomware: paying or not paying – challenges and consequences for businesses” at Global Cyber Conference 2022.
Are data breaches unavoidable? If yes, is there a right and a wrong way to deal with them?
The magnitude and impact of a data breach are definitely avoidable. While we can’t prevent all breaches, how we respond, train, and prepare are all areas that we can control. How we respond during an incident makes all the difference. And there are things we can do prior to an incident to help lessen the impact on the company and our employees.
What does cybersecurity resilience mean to you and how can businesses achieve it?
Cyber resilience reflects a company’s ability to detect, respond to, and recover from a cyber-attack, including measured KRI. It is when a business has the ability to measure its exposure and risks and gain best practices and tailored recommendations to address gaps and cyber risks.
What advice would you share with information security leaders and CISOs when it comes to communicating an ROI for security investments to other stakeholders?
Security needs to talk in the same language as the business. Good security is good for the bottom line, and the management needs to understand that. Talking about vulnerability management isn’t relatable, but discussing security and its competitive advantage is the right approach.
What significant changes do you see occurring within the information security market over the next 3 to 5 years?
I think we are going to see increased regulation, increased transparency, and improvement around 3rd / 4th tier supply chain vendors.