Darren Argyle is the Group Chief Information Security Risk Officer (CISRO) at Standard Chartered and Co-founder and Chairman of the Cyber Leadership Institute. He also serves as a volunteer on the executive advisory board for cyber at Australia’s Deakin University. Darren will be leading a keynote speech on the topic of “Cyber governance: Major principles for efficient cyber security leadership”.
In this interview, Darren sheds light on the human element of cyber security, a cyber security industry issue that is being overlooked, and the biggest hurdle faced by organizations to fight ransomware. Read the full interview below.
The human element plays a central part in most cybersecurity incidents. To which extent do you consider that people are most often the problem?
I think framing people as the ‘problem’ is the wrong way to see and describe this. We all make mistakes, and there are individuals committing significant resources to try to trick us.
We need to support our colleagues, ensure they are accountable and aware of any consequences of repeated mistakes, and also ensure they are appropriately armed with the tools and teaching to combat the extremely pervasive threat that exists. We should not view humans as the problem as they are also the creator, testers, and end users.
When it comes to the best practices for preventing human errors and security mistakes, I would say that cyber awareness is critical. We must also understand that we all make mistakes – so how we respond and recover from those errors is also critical.
What is the one thing people in cyber security are currently overlooking?
Getting a better representation of females in the industry. It is acknowledged in many aspects that we lack gender equality in this field, and it is a shame I don’t see more leaders taking an active role in this. Females bring another lens into this area which can become of great value when we are thinking of our defenses and resilience.
What do you consider to be the biggest hurdle for organizations in the fight against ransomware?
Having well-rehearsed response and recovery plans and the right individuals included in those procedures, covering all aspects from technical expertise to communications skills.
The surge in remote working has created concerns for cybersecurity specialists, exposing companies to many cyber threats. What major preventive measures would you recommend a company takes to close those gaps?
An example of a particularly important technical measure is two-factor authentication, making it more challenging for those with malicious intent to impersonate our employees.
Fundamentals are crucial, combined with reminders to employees of the need for vigilance, and reinforcing the importance of cyber security to the organization. It is important to be proactive and maintain an understanding of market trends.
Artificial intelligence (AI) and machine learning (ML) are playing an increasing role in cyber security. But can AI-based cyber security be a complete replacement for human security staff?
I see technologies such as these as augmenting or enhancing human decision-making, whether the scale or speed of those decisions or providing new insights. But I don’t see those technologies, or solutions that use them, replacing human security staff.
Could you please share with us your top 3 reasons for attending the Global Cyber Conference in Zurich?
To engage with other cyber thought leaders, learn from their experiences, and share insights from our work at Standard Chartered Bank.
What are your initial thoughts on the Global Cyber Conference’s key themes and according to you, how strategically the themes are set?
Human-centric Cyber Security is particularly relevant to us – considering the journey of our customers and balancing the need for security with the importance of a positive customer experience. Our colleagues are also a priority when thinking about our own resilience and empowering them through learning and development and embedding a strong cyber-aware culture is key to the Bank’s approach to cyber security.