We are so excited to have David Jacoby, one of Sweden’s boldest hackers and IT security experts, speak at our Global Cyber Conference. Prior to his participation, we had the opportunity to chat with David and asked him whether data breaches are unavoidable, what is the biggest challenge to a secure digital transformation in cyber security, and how to build a strong culture of cyber security. Read his full interview below.
David Jacoby has over 25 years of experience in professional hacking and won several awards both as a speaker and for his unique research and dedicated work to stop digital crime. He were leading a track session entitled “LIVE hacking show: demystifying the macOS attack chain”.
David was also a panelist in the session “Key characteristics of an effective insider threat mitigation programs”, together with Laurens Binken General Manager of Information Risk Management Strategy and Transformation at Shell, Ymir Vigfusson, Associate Professor at Emory University, Brett Conlon, CISO at American Century Investments, and Sascha Maier, Group CISO at SV Group at the Global Cyber Conference 2022.
Are data breaches unavoidable? If yes, is there a right and a wrong way to deal with them when they do occur?
A data breach is a very wide term, but I assume most people refer to data breaches as cyber criminals gaining access to systems. I would say that it’s basically unavoidable, but for me, it’s not black and white. According to me, avoiding data breaches is more about doing everything you can to make sure that it’s as difficult as it can be for the criminals to perform the data breach, also have censors and monitoring so IF and WHEN a breach occurs, you can easily understand what happened, what data was accessed and how.
Mitigation is also extremely important, so when a breach has been identified, you can easily prevent access and make sure that the systems do not get exploited again.
I’m a big fan of zero trust, ACL, network segmentation, monitoring, and making sure that our desktops are secure. Our desktops are often forgotten, and we have a tendency to focus on technical vulnerabilities instead of logical vulnerabilities such as weak credentials or sensitive information stored in shared folders.
What is the number one challenge to a secure digital transformation in cyber security?
Oh, the number ONE challenge? I think the number one challenge is that we, everyone, users of digital systems, need to understand how we are all part of both the solution and the problem. We need to understand that digital security is not only affecting digital systems, but the digital and physical world is not two different things anymore. We can control and affect the physical world from the digital world and vice versa.
How can security leaders better help their organizations build a strong culture of security?
I think, including IT security in everything that we do is important, and as I said in the previous question, everyone is both parts of the solution and problem. I love to involve non-technical people in the daily IT security challenges. Having an internal bug bounty problem is also a very good system for everyone to report IT-security issues.
What do you foresee will be the biggest obstacle for security leaders and practitioners to overcome in 2023 and beyond?
Legislation is a problem since we are using GLOBAL IT systems, but we have LOCAL legislation. But I also think that the urge for digitalization and being “digital” is moving at a faster pace than we can secure our systems, so the digital transformation is in some cases making us vulnerable.