GCC interview

Ahead of the Global Cyber Conference, we have undertaken a series of interviews with some of our keynote speakers featuring on stage in September.

Today, we have the pleasure to have Steve Brown, European lead for cyber security and resilience at Mastercard share some insights on the future of cybersecurity and human error in security. Steve was our keynote speaker at the Global Cyber Conference 2022. His presentation is entitled “Is your business fit for the digital age: Why digitalization requires cyber security”.

Considering the rapid increase in cyberattacks, what do you believe will be the major trends or developments likely to emerge in cybersecurity over the following 3 to 5 years?

I believe the utilization of AI by cybercriminals, criminal groups, and Nation-States will grow in prevalence. The ability to automate reconnaissance, the ability to be more targeted in their criminal approach, and to identify suitable victims and their data, will require a measured, intelligence-led and proactive response.

Cyber security focuses on protecting data, however, it’s no longer that sufficient, meaning that businesses need cyber resilience. What does cybersecurity resilience mean to you, and how can businesses achieve it?

Cyber security resilience should now be termed as operational resilience as it is focused on ensuring the integrity of business systems, infrastructure, and their supply chain. Businesses must have the humility to be resilient to realize that despite their very best efforts, they can still fall victim to a cyber-attack. Businesses must therefore have the ability to anticipate, withstand, recover and evolve.

Almost all successful cyber breaches share one variable in common which is human error. What are the best practices for preventing human errors and security mistakes?

The ability to be able to hold open and honest debriefs of activity, errors, and mistakes is critical to being able to learn from them. It is easy to share good practices, and what has worked well but be brave enough to share bad practices and what hasn’t worked. Ensure that any remediation is relevant and speaks to current threats to the business. It must also be underpinned by the maxim that successful cyber resilience, is an organizational responsibility and must be demonstrated from the very top.