GCC interview

We asked Stuart Seymour, Head of Cyber Security Incident Response and Continuity at BAT, three questions about the emerging cyber security trends, the biggest barriers in the fight against ransomware, and the role of the human element in successful cyber incidents. Join us and hear Stuart’s compelling and valuable cybersecurity insights. 

Stuart Seymour, Head of Cyber Security Incident Response and Continuity at BAT, was a panelist in the session entitled “Security incident management: Key lessons from industry leaders” together with Laurens Binken, General Manager Information Risk Management Strategy and Transformation at Shell, Shawn Bowen, VP and CISO at World Fuel Services, Linus Plum, CISO at Software AG, and Sascha Maier, Group CISO at SV Group at the Global Cyber Conference 2022. Stuart has a proven track record of building and transforming Security Functions, leading security transformation and operational teams globally, at major multinationals.

Considering the rapid increase in cyberattacks, what do you believe will be the major trends or developments likely to emerge in cybersecurity over the next 3 to 5 years?  

I believe that the barriers to entry for criminal actors will continue to decrease over the next 3-5 years meaning that exposure to cyber security risks for small to medium enterprises will increase. More open-source tools will become available and more widely used. The lack of formal international cooperation / international laws relating to cyber will facilitate criminal groups. Finally, as it has been shown with the current conflict in Eastern Europe, self-styled vigilante groups will feel increasingly empowered to act within a geopolitical context.

What do you consider to be the biggest hurdle for organizations in the fight against ransomware?  

Cognizance at Board Level. Clearly articulated plans (to pay / or not to pay) which are discussed ahead of time so that all know what the direction is. Understanding the true operational impact and ensuring that BIA properly takes this into account. A solid data backup strategy based on the 3-2-1 principle. Visibility of systems, vulnerability management.

Detection tools, and prevention tools both of which focus on C2 and lateral movement. Adequate response procedures and forensic subject matter expertise. Clearly defined insurance protocols if not self-insured.

The human element plays a central part in most cybersecurity incidents. To which extent do you consider that people are often the problem?  

Humans are not the ‘weakest link’ but rather our most vulnerable asset. The mindset implied by the wording of the question needs to change. Everything starts with the human, whether failing to patch or clicking a phishing link. However, it is also predominantly humans who heroically spend 20-hour days for months on end responding and recovering.

We need to ensure that we appeal to the heart as well as the head. i.e., do this not because security told you to but because you are invested in it. This needs to be done through continuous teaching and engagement. A culture needs to be developed where blame is not automatically attached but the primary focus is learning and improving. So, the human is not the problem it is the person that needs to be educated and protected and is in every respect critical to the solution.