global cyber conference

In this interview, Kevin talks about how businesses can achieve cyber security resilience, whether AI-driven cyber security will become a complete replacement for human security staff, and his cyber security predictions for the upcoming years. 

Kevin Morrison is Vice President and Chief Information Security Officer at Driven Brands. His background includes former CISO roles at Alaska Airlines and Coinstar and spans nearly 24 years in IT, with over 18 of them in Information and Cyber Security. Kevin Morrison was a keynote speaker on “Cyber risk mitigation and program transformation using continuous attack path analysis platforms” at the Global Cyber Conference 2022.

What does cyber security resilience mean to you and how can businesses achieve it? 

To me, it means architecting and implementing systems and processes that allow the business to continue operating in a manner that minimizes disruption in the event of cyber or other incidents.  Businesses can achieve it by ensuring their BIA is kept current and by actively partnering with the cyber security team to ensure appropriate controls are mapped to that BIA. 

Almost all successful cyber breaches share one variable in common which is human error. What are the best practices for preventing human errors and security mistakes? 

Continuous visibility, monitoring, alerting, and automation of appropriate actions based on agreed-upon playbooks. 

Artificial intelligence (AI) and machine learning (ML) are playing an increasing role in cyber security. But can AI-based cyber security be a complete replacement for human security staff? 

I don’t believe AI can be a complete replacement. As even if it could automate everything, it can’t build relationships with the rest of the business which in turn needs to engage others for guidance on risk-related topics or initiatives.

What trends do you foresee happening in the data protection and privacy landscape over the upcoming 5 years? 

Data protection will become more automated based on defined business policies, and the privacy landscape will finally have a centralized framework in the U.S. similar to GDPR that removes the patchwork of unsustainable state laws.