Global Cyber Conference Speaker Interview

In this interview, Howard tells us about his cyber security predictions, the human element in cyber security, and the types of threats that are difficult to detect. 

Howard Whyte is the Executive Vice President and the Chief Information Security Officer (CISO) at Truist Financial Corporation. Howard served as CISO at Boeing and worked for more than 20 years as an executive leader of information security.

The human element plays a central part in most cybersecurity incidents. To what extent do you consider that people are most often the problem?

The human element of the equation is paramount to the security of an organization from the internal perspective. The staff works daily to protect our assets and detect abnormalities in the ecosystem. On the other side of the organization, staff are constantly using IT services and capabilities that could be open to a misuse case.

The collective knowledge and expertise of all staff on cyber and IT threats will increase proactive risk management which allows for the organization to operate at speed.

What types of cyber threats are the most complicated to detect? Maybe you can give an example from real life? 

Threats carried out by nation states or insiders are often difficult to detect during various stages of their operation. We can look at the Sony breach in 2014 or the SolarWinds hack in 2020 (where most organizations weren’t prepared for this sort of software supply chain attack) as examples.

How can small and medium-sized businesses implement technical infrastructure that will ensure optimal governance of their client data?  

In my opinion, small and medium-sized organizations should partner with service providers to implement a framework and continuous monitoring of their unique risk landscape.

What trends do you foresee happening in the cyber security landscape over the upcoming 5 years?  

We will see more attacks on less protected areas of our digital ecosystem. Additionally, more organizations will have an individual responsibility for cyber security reporting to the CEO or the Board over the coming years.